Whether you’re looking at ransomware, firmware attacks, viruses, or data breaches, they share a common denominator: phishing is very often the point of entry.
Phishing is reported to be the root cause of roughly 90% of successful cyberattacks. Attackers have countless scams for getting an unsuspecting user to visit a malicious website or open a dangerous file attachment.
Why is phishing still such a problem?
Because it continues to evolve along with protections against it. For instance, there was a time when most phishing contained a file attachment that a user had to open to release the malicious code inside.
Network security then evolved to include things like malware detection in email and warnings to users about opening attachments from unknown senders. Employee awareness training drilled the fact that file attachments could unleash viruses and other attacks.
With fewer attacks succeeding because of the protections against malware-laden attachments, phishing scammers changed tactics and switched to URLs pointing at phishing sites instead.
Users are much less suspicious of a link, and an email containing only a link doesn’t technically carry any malware, so it passes many anti-malware email filters untouched.
85% of phishing emails use a link rather than a file attachment.
Some of the typical actions that can happen when a user clicks a phishing link include:
- The site infects the user’s system with ransomware or another type of malware
- User lands on a fake sign-in page designed to steal their login credentials
- User types credentials into a phishing form and the scammer uses them to log into the real service (email, Microsoft 365, cloud storage), taking over the account
Just one wrong click on a phishing email can cost a company dearly. For example, the average ransom demand for a ransomware attack was $220,298 as of Q1 2021. This is a 43% increase from the previous quarter.
Because phishing is so pervasive and takes many different forms, it’s important to apply a layered approach when preventing phishing attacks.
Protections to Put in Place to Combat Phishing
Email Spam Filtering
Approximately 1 in every 323 emails a small business receives is malicious. If you reduce the number of phishing scams that make it in front of your employees, you reduce your risk of falling victim to a breach.
Email spam filtering can be done at the mail server level to keep suspicious emails from ever reaching users. This greatly reduces the chance of someone being fooled into clicking a link to a malicious site in the middle of a busy day.
Ongoing User Awareness Training
Employees are an important line of defense when it comes to attackers trying to get into your business network. If they are well trained and understand the signs to look for in phishing emails, they can warn you of attacks and help you avoid a major security incident.
But users need to be trained regularly so they are fully aware of the latest scams that attackers are using.
No matter how savvy someone is, there’s always another scam out there that’s just a little cleverer than the last. Ongoing training ensures employees understand what new types of phishing emails to be on alert for.
Some of the basics of phishing awareness include:
- Hover over links without clicking to reveal the true URL.
- Don’t assume the email address in the “From” line is the true sender.
- Visit login forms directly (Microsoft 365, IRS, shipping accounts, etc.) rather than through a link in an email.
- Be very suspicious of unknown senders, especially if something sounds too good to be true (like a big purchase order).
- Remember that phishing isn’t only done by email; it has become prevalent over social media and text messages (smishing) too.
DNS Filtering
To counter the shift from attachments to links, put a DNS filter on every user device, not just on the office network, so it follows laptops home.
DNS filtering checks the domain a device tries to resolve against a list of known malicious domains and refuses to resolve it, so the phishing site never loads, even after the user has clicked the link. It sees only the domain, not the full URL or the page content, and it is only as good as its blocklist, so a freshly registered phishing domain can slip through for a while; treat it as one layer, not the whole answer.
Beyond stopping a mistaken click, the block page is a clear warning that the email just received was a scam and should be reported.
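The two checks above, the “hover to reveal the true URL” tip from the awareness list and the domain blocklist a DNS filter applies, are shown together in the following script. It is an added example, not AhelioTech’s code or any product’s implementation. The email body, the blocklist and every domain in them are constructed for illustration.

```python
"""Inspect the links in an email body the way the "hover to see the real URL"
tip and a DNS filter would: compare what the user sees with the host the link
actually points to, then check that host and its parent domains against a
blocklist.  Added example, not AhelioTech's code.  The email body, the
blocklist and every domain in them are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed blocklist standing in for the feed a DNS filter subscribes to.
BLOCKLIST = {"secure-login-portal.example", "invoice-update.test"}

# Link text only counts as a "displayed domain" if it looks like one.
DOMAIN_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from the <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(url_or_domain):
    """Lowercase hostname of a URL, or of a bare domain such as 'paypal.com/x'."""
    candidate = url_or_domain.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        return (urlsplit(candidate).hostname or "").lower()
    except ValueError:
        return ""


def displayed_host(text):
    """Host the user *thinks* they are visiting, if the link text shows one."""
    host = host_of(text)
    return host if DOMAIN_RE.match(host) else ""


def blocked_by_dns_filter(host, blocklist=BLOCKLIST):
    """True if host or any parent domain is listed.

    A DNS filter decides at name-resolution time, so only the hostname
    matters: path, query string and link text are invisible to it, which is
    why it still protects a user who has already clicked.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def analyze_links(html_body, blocklist=BLOCKLIST):
    """Return one verdict per link: real host, text/href mismatch, DNS block."""
    parser = LinkExtractor()
    parser.feed(html_body)
    verdicts = []
    for text, href in parser.links:
        real = host_of(href)
        shown = displayed_host(text)
        verdicts.append({
            "text": text,
            "real_host": real,
            "mismatch": bool(shown) and shown != real,   # the hover check
            "blocked": blocked_by_dns_filter(real, blocklist),
        })
    return verdicts


# Constructed phishing body: the visible text is a Microsoft URL, the href is not.
PHISH_HTML = """
<p>Your Microsoft 365 password expires today. Sign in to keep your account:</p>
<p><a href="https://login.secure-login-portal.example/o365?u=jdoe">
https://login.microsoftonline.com</a></p>
<p>Questions? <a href="https://www.microsoft.com/support">Contact support</a></p>
"""

if __name__ == "__main__":
    for v in analyze_links(PHISH_HTML):
        flag = "BLOCK" if v["blocked"] else ("SUSPECT" if v["mismatch"] else "ok")
        print(f"{flag:8}{v['text']!r} -> {v['real_host']}")
```

Run it and the first link is flagged twice: the text shows login.microsoftonline.com while the href resolves to a blocklisted domain, so the DNS filter would refuse the lookup after the click. The second link is clean on both counts. Note that a mismatch is only a signal, since legitimate mail uses tracking redirectors, and that the blocklist check passes any domain not yet listed.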
Email Authentication
One way to stop someone using your company’s domain in a phishing scam is to set up email authentication for your domain.
This is a set of protocols (SPF, DKIM and DMARC) published as DNS records. SPF lists the servers allowed to send mail for your domain, DKIM lets your mail server sign outgoing messages, and DMARC tells receiving servers what to do when a message that claims to be from your domain fails those checks. If a scammer sends from their own server with your company domain in the “From” line, a receiving server that enforces your DMARC policy (set to quarantine or reject) will quarantine or reject the message. Two caveats: the protection only works when the receiving server actually checks those records, and it does nothing against look-alike domains or messages sent from a legitimate account that has already been compromised.
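To make the mechanism concrete, the script below walks through what a receiving server does with SPF and DMARC for a legitimate message and two spoofs. It is an added example, not AhelioTech’s code or a real mail server’s logic: the SPF evaluator is deliberately reduced to the ip4, include and all mechanisms, DKIM is not modelled, and the DNS records, domains and IP addresses are all constructed.

```python
"""Why a spoofed "From: ceo@yourcompany.example" is rejected once SPF and DMARC
are published for the domain and the receiving server checks them.

Added example, not AhelioTech's code: a deliberately reduced SPF evaluator and
DMARC alignment check run against a constructed DNS table instead of live
lookups.  DKIM is not modelled, and only the ip4, include and all mechanisms
are handled.  All domains and addresses are made up.
"""
import ipaddress

# Constructed TXT records: the ones you publish for your domain, the mail
# provider's include, and a record the attacker publishes for their own domain.
DNS_TXT = {
    "yourcompany.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.yourcompany.example": "v=DMARC1; p=reject; rua=mailto:dmarc@yourcompany.example",
    "attacker.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip, dns=DNS_TXT, depth=0):
    """Evaluate the domain's SPF record for the connecting IP."""
    if depth > 10:                      # RFC 7208 lookup limit, simplified
        return "permerror"
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = spf_check(term[8:], sender_ip, dns, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue                    # a, mx, exists, redirect: not modelled
        if matched:
            return RESULT[qualifier]
    return "neutral"


def dmarc_policy(from_domain, dns=DNS_TXT):
    """The p= policy the domain owner asks receivers to apply, or 'none'."""
    record = dns.get("_dmarc." + from_domain, "")
    if not record.startswith("v=DMARC1"):
        return "none"
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none")


def org_domain(domain):
    """Crude organizational domain (last two labels); real code uses the PSL."""
    return ".".join(domain.lower().split(".")[-2:])


def evaluate(message, dns=DNS_TXT):
    """Receiving-server decision for a message given as a dict with
    'from_domain' (the From: header the user sees), 'mail_from_domain'
    (the envelope sender SPF is evaluated against) and 'sender_ip'."""
    spf = spf_check(message["mail_from_domain"], message["sender_ip"], dns)
    # DMARC needs SPF to pass *and* the SPF domain to align with the visible
    # From: domain; otherwise a scammer could pass SPF for their own domain
    # while displaying yours.
    aligned = org_domain(message["mail_from_domain"]) == org_domain(message["from_domain"])
    dmarc = "pass" if spf == "pass" and aligned else "fail"
    policy = dmarc_policy(message["from_domain"], dns)
    if dmarc == "pass" or policy == "none":
        action = "deliver"              # no enforcing policy: nothing is blocked
    else:
        action = policy                 # 'quarantine' or 'reject'
    return {"spf": spf, "aligned": aligned, "dmarc": dmarc, "action": action}


# Constructed messages: one from the real mail provider, two spoofs.
LEGIT = {"from_domain": "yourcompany.example",
         "mail_from_domain": "yourcompany.example", "sender_ip": "198.51.100.10"}
SPOOFED_IP = {"from_domain": "yourcompany.example",
              "mail_from_domain": "yourcompany.example", "sender_ip": "192.0.2.77"}
SPOOFED_HEADER = {"from_domain": "yourcompany.example",
                  "mail_from_domain": "attacker.example", "sender_ip": "192.0.2.77"}

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoofed ip", SPOOFED_IP),
                      ("spoofed header", SPOOFED_HEADER)]:
        print(f"{name:15} {evaluate(msg)}")
```

The second spoof is the instructive one: the attacker’s own domain passes SPF, but because it does not align with the displayed From: domain, DMARC still fails and the message is rejected. Remove the _dmarc record from the table and the same spoof is delivered, which is the practical point: publishing SPF alone, or DMARC with p=none, blocks nothing.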
Managed Antivirus/Anti-Malware
It’s important to keep your network monitored for any threats that may be coming in via phishing. One of the best ways to do this is through a managed services plan that includes antivirus/anti-malware, patch management, and other security safeguards.
Using managed services takes the heavy lifting of IT security off your shoulders and ensures someone is watching your network 24/7 for any threats.
Keep Your Business Safe from Phishing & Other Online Threats
AhelioTech offers multiple protections to keep your Columbus area business safe from phishing and other online threats.
Contact us today for a free quote. Call 614-333-0000 or reach out online.