Phishing attacks on businesses can net hackers millions of pounds. The practice can also lead to widespread inconvenience, staff downtime and a loss of commercial edge for the enterprise that falls victim.
Within this blog, we examine the main hallmarks of a phishing attack and provide tips on how to prevent it happening to your organisation.
What is phishing?
Phishing is where a hacker sends an email that contains a seemingly innocent attachment or link that is, in fact, malicious.
Once opened, or clicked, the malicious software infects your computer and can spread to other parts of your network. This may result in encryption of your data, data theft of financial information or intellectual property.”
Over four in ten businesses (43%) and two in ten charities (19%) experienced a cyber security breach or attack in the last 12 months.*
How do I spot a suspicious email?
Well, it’s not always easy. As users gain a greater awareness of cyber threats, hackers have become much more sophisticated in their approach.
Nowadays a viable phishing attack is likely to be carefully focussed and very astute.
Just like advertisers, hackers will work out how to get an emotional response that will trigger a person to open the email attachment. This practice has been dubbed ‘spear-phishing’.
The chances are the email will seem perfectly plausible. It will aim to hit all the right notes with the reader by referring to often mundane, day-to-day tasks.
Not only that, it will be targeted to the relevant staff member who performs such tasks.
Human resources: ‘Please see my CV attached’.
Finance: ‘Unpaid invoice attached’.
Sales: ‘See our terms of business attached’.
Operations: ‘Details of damaged package attached’.
Executive: ‘Letter before legal action attached’.
How do I prevent phishing?
The first thing you should do is ensure you have up-to-date scanning software that can monitor and block malicious outbound DNS requests. You can also use a cloud sandboxing solution to open any suspicious files in a controlled environment, well away from your system and network.
Secondly, seize the initiative by educating your staff about the kind of threats that exist. Encourage them to be savvy and critical when reading a request to click on a link or attachment.
Finally, look for trends in how hackers target your organisation. Remember, they may have gained information on your business from the news, social media, or your website. Simply because an email refers to a widely-reported merger, for example, and addresses you by your full name, doesn’t mean it’s innocent.
What the expert said:
“Every responsible IT professional wants to stop hackers and prevent phishing to protect digital assets and sensitive data.
While it’s true that phishing tactics are becoming more sophisticated, so are our defences against this malicious and potentially devastating practice.
The first and most important stage of any defence strategy is to make sure you have the appropriate tools in place to counter any threat.”
James Cripps, Technical Director
You can find out more about how WatchGuard can protect your business from phishing by looking at this helpful infographic.