The era of the online virus is over. Today, being wary of your inbox is the best way to prevent a cyberattack on your business.
Threats that exploit email rely on tactics called phishing and spear phishing, and they are how cyber criminals are costing Vermont businesses valuable time and resources. No Vermont business can afford to jeopardize its reputation with its customers. But that’s exactly what happens if your business falls victim to a cyberattack.
A common attack goes something like this: on a typical day at the office, an employee is monitoring their inbox when a new email from their boss comes in. The boss has a request; they want the employee to open a contract on Docusign. Though the request does seem a bit odd to the employee, the email has the boss’s name on it, and the employee has a big workload to get to, so they complete the request and move on without a second thought.
However, a closer look at the email reveals that although the boss’s name was attached, the message wasn’t sent from the company domain, and opening the supposed Docusign contract ran a script that sent the same email to everyone on the company contact list.
Just like that, data is compromised, and the company has spammed all its current and prospective clients. But how is it possible, with spam filters and malware firewalls in place, that a threatening email penetrated the employee’s inbox in the first place?
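The "closer look" in the scenario above, comparing the name on the email with the domain it was actually sent from, can be automated. The following is an added example, not part of the original article; the company domain, staff names and sample messages are constructed for illustration.

```python
from email import message_from_string, policy

# Assumptions for this example: a made-up company domain and staff directory.
COMPANY_DOMAIN = "example-co.test"
STAFF_NAMES = {"Dana Whitfield", "Lee Moreau"}


def _normalise(name: str) -> str:
    """Lower-case, drop punctuation and sort tokens so that
    'Whitfield, Dana' and 'Dana Whitfield' compare equal."""
    tokens = "".join(c if c.isalnum() else " " for c in name.lower()).split()
    return " ".join(sorted(tokens))


_STAFF = {_normalise(n) for n in STAFF_NAMES}


def _internal(domain: str) -> bool:
    """True only for the company domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN)


def check_sender(raw_message: str) -> list[str]:
    """Return findings for one raw message; an empty list means nothing flagged."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None or not from_header.addresses:
        return ["missing or unparseable From header"]
    findings = []
    for addr in from_header.addresses:
        # A staff member's name on an address outside the company domain
        # is the mismatch the employee in the scenario overlooked.
        if _normalise(addr.display_name) in _STAFF and not _internal(addr.domain):
            findings.append(
                f"display name '{addr.display_name}' matches staff "
                f"but address is @{addr.domain}"
            )
    return findings


# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Dana Whitfield <dana.whitfield@mail-contracts.test>\n"
    "To: staff@example-co.test\n"
    "Subject: Please sign this contract\n\n"
    "Open the contract on Docusign today.\n"
)
GENUINE = SPOOFED.replace("mail-contracts.test", "example-co.test")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

A check like this only catches the display-name mismatch described in the scenario; it complements, rather than replaces, the training and reporting procedures discussed below.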
Firewalls and Spam Filters Are Insufficient Defenses to Phishing
Email is one of the most dangerous tools that a business uses, in part because it’s so ubiquitous.
Businesses use email so much it’s easy for people to get caught with their guard down.
With tactics like phishing, it’s becoming more difficult for spam filters and firewalls to keep malicious messages out of employee inboxes. This is because the emails attackers send are often short and text-based, with no malicious links, software, or attachments, so no filters will stop them.
Phishing has its roots in social engineering, which is a tactic that attackers have been taking advantage of forever.
It’s a classic con and it goes like this: criminals trying to steal company information or valuables pretend to be pest control or maintenance and show up at the door. With some luck and a little charm, the criminals are able to convince the gatekeepers to let them in without performing a proper ID check or confirming with anybody that they’re on the schedule for that day. Once inside, the attackers have access to company information that they can exploit—all because they look the part.
With email, attackers carry out a technical version of the same con. A quick look at a company directory, or sometimes even LinkedIn or Facebook, is all a would-be infiltrator needs to determine who they must pose as to exploit an unsuspecting employee.
Though there are services available which offer some protection against phishing, online exploiters become more savvy every day, and the competition of email protection versus penetration is a game of cat and mouse at best. That’s why creating a diligent company culture around cyber threats, including phishing, is key to your business’s security.
Best Practices to Protect Your Inbox
There are a few ways to protect your business against would-be cyber security threats. The first is to have a solid security system in place with all the bases covered: anti-spam, anti-malware (which scans email attachments for viruses), and anti-phishing.
Anti-phishing technology is under rapid development, and companies like Microsoft are applying machine learning to their email software to learn the typical communication patterns of companies and sniff out imposters.
But innovations in security are matched by those of infiltration, which means cultivating a responsible culture around email security is paramount to deterring phishing attacks. The nature of a spear phishing attack is to create a state of panic in the recipient and lead them to an action which jeopardizes the business. That’s why an informed workforce that can spot signs of foul play is the number one defense against phishing attacks.
Email security and web security training is cheap, and studies show that businesses that invest in quarterly training for their employees reduce their exposure by at least a third, if not fifty percent. Being able to spot a malicious email when it comes through is half the battle.
Once one is identified, the second half is having procedures in place to report those emails and send them to IT for screening and analysis. And finally, the most critical piece of all is ensuring there’s a reliable backup for company data in case a phishing attack does get through and accesses or deletes sensitive information. Poor backups or no backup whatsoever can lead to even more costly problems.
Email has become an everyday necessity of doing business. As messages fly in and out of inboxes every hour of the day, attackers have seized the opportunity to catch employees off guard and exploit or corrupt valuable data. Though IT can take some precautions, the most powerful protection against these types of attacks is an educated staff that knows when something is amiss and how to proceed. So don’t wait around while your email is in danger. Start taking the steps to secure your inbox today.