Back in March, I published a piece about how your business might be under attack by cybercriminals. In that, I highlighted that the average ransomware attacker makes around $94 000 annually. Considering that 94% of ransomware attacks are as a result of phishing, I’ve decided that a follow-up is in order.
In this post, I’ll go over how to protect your business against phishers. I’ll go over why you should consider security awareness training with your staff and other measures that you should put in place.
Start with top-level software
A simple anti-virus system offers great protection against a random attack. What it can’t do is to protect you is protect you from an employee clicking on the wrong link in an email, or downloading a fun meme with a virus.
That’s why you should opt for software that offers more. An email scanner can help you out here by quarantining emails that look suspicious. Someone is then able to go in and check those emails in a safe environment. If they’re legitimate, they can be released. If not, they don’t even make it onto your servers.
Security awareness training
You know how to recognize a phishing email, right? Well, the stats tell a different story. If 94% of ransomware attacks are a result of phishing, that means a lot of money being lost because phishing attacks go undetected.
Standard training urges you to look at things like the address the mail has been sent from, the spelling, and so on before deciding if the mail is legitimate. Security awareness training will teach you and your staff how to recognize the different forms that phishing may take.
Make no mistake; today’s phishers are pretty sophisticated. They can create dummy websites, legitimate-looking client instructions, or even inter-office instructions. Unless you know what to look for exactly, good luck in telling these apart from the real thing.
Test your staff
Your training is only effective if staff use the principles in their day to day tasks. Occasionally firing off a phishing email can highlight areas where training needs to be beefed up. It can also show you which staff is taking their training seriously.
Monitor email communications
Naturally, you’ll need to advise staff that you’ll be doing this. It’s not nice to think that you have to spy on the people that work for you, but it’s good business practice to do so. By doing this, you can see which staff are taking chances on the emails that they open.
Is there someone on the team who receives and sends a lot of dodgy emails? Are they opening anything that they feel will be funny to read? You need to know. And it’s not in order to punish them, but rather to educate them to the dangers of doing so.
Protecting your company against phishers is all about education. If you and your staff are properly trained in spotting an attack, you’ll be able to fight them more effectively. Add that to a killer email scanning program, and regular refresher courses and tests, and you’re way ahead of the game.