How to “Phight” Phishing to Keep Your Organization Safe

It’s the most common type of cyber-attack your team will face – phishing. But armed with knowledge and know-how, you can keep phishing from becoming a crisis in your organization. 

Phishing Defined

Simply put, phishing is when someone sends you an email under the guise of being someone else. The goal of these emails is to get you to click through and take an action such as downloading a dangerous attachment, doing something on your device, or giving up personal information.

Phishing is so attractive to cyber-criminals because it is easy to do, tolerates a high failure rate, and can be incredibly lucrative. It has evolved over the years into vishing (phone calls) and social media scams as well. Victims usually don’t even know they’ve been targeted until later, when their data is used or sold on the Dark Web to someone who wants to commit fraud. Unfortunately, “phighting” the phish is not as simple as blocking a few suspicious emails.

Blocking Won’t Stop Attacks

Believe it or not, many phishing attacks are blocked by spam filters and other tools that divert the attacks before they can do damage. However, these filters are fallible, especially when the attacker has taken over a legitimate email account belonging to a trusted sender, so the message arrives from an address your filters and your people already trust.

As mentioned above, phishing now reaches non-traditional communication channels that may be less able to filter out the scams, including text messages, voicemail messages, and messages through social media.

Just like other types of cybercrime, phishing is evolving and cannot be stopped by technology tools alone. 

“Phighting” the Phish 

The best way to deal with phishing is to manage your weakest security link: your people. At a minimum, every person on your team should understand what phishing is, accept that they are a target, know how to identify an attack, and be able to take appropriate steps when faced with a threat. 

Phishing testing is the best way to improve awareness amongst your employees. This test involves creating a fake email that leverages themes to which your team might be vulnerable. For example, the message could offer a free product leading to a fake landing page, or it could ask the recipient to open a file that looks legitimate. The test should mimic the behaviors of a real attack and trigger an alert when someone reports it. The knowledge gained through such an exercise should be used to promote awareness of how easily phishing intrudes into our lives and to provide education on preventing attacks in the future.
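To turn a test like this into something you can act on, here is an added example (not code from the original article) that scores a constructed event log from one simulated campaign: who clicked, who entered data on the landing page, who reported it, and how long it took before the first report would have alerted the security team. The event names, row layout and sample addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real data): (timestamp, recipient, event) rows from
# one simulated campaign. Events: delivered, clicked, submitted (typed
# credentials into the fake landing page), reported (flagged it to IT).
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice@example.test", "delivered"),
    ("2024-03-01T09:03:12", "alice@example.test", "reported"),
    ("2024-03-01T09:00:00", "bob@example.test", "delivered"),
    ("2024-03-01T09:10:40", "bob@example.test", "clicked"),
    ("2024-03-01T09:11:05", "bob@example.test", "submitted"),
    ("2024-03-01T09:00:00", "carol@example.test", "delivered"),
    ("2024-03-01T09:20:00", "carol@example.test", "clicked"),
    ("2024-03-01T09:21:30", "carol@example.test", "reported"),
    ("2024-03-01T09:00:00", "dave@example.test", "delivered"),
]

SEVERITY = {"delivered": 0, "clicked": 1, "submitted": 2}  # higher = worse


def score_campaign(events):
    """Per-recipient worst action, campaign rates and time to first report."""
    worst = defaultdict(lambda: "delivered")  # recipient -> worst action taken
    reported, sent_at, first_report = set(), [], None
    for ts_str, user, event in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if event == "delivered":
            sent_at.append(ts)
        elif event == "reported":
            reported.add(user)
            first_report = ts if first_report is None else min(first_report, ts)
        elif SEVERITY[event] > SEVERITY[worst[user]]:
            worst[user] = event
    recipients = {user for _, user, _ in events}
    clicked = sorted(u for u in recipients if worst[u] != "delivered")
    submitted = [u for u in clicked if worst[u] == "submitted"]
    # Seconds from first delivery to first report: how quickly the simulated
    # attack would have raised an alert to the security team.
    to_alert = None
    if first_report is not None and sent_at:
        to_alert = (first_report - min(sent_at)).total_seconds()
    n = len(recipients)
    return {
        "recipients": n,
        "click_rate": len(clicked) / n,
        "submit_rate": len(submitted) / n,
        "report_rate": len(reported) / n,
        "follow_up_training": clicked,  # anyone who clicked, even if they later reported
        "seconds_to_first_report": to_alert,
    }
```

On the sample data this gives a 50% click rate, a 25% submit rate, a 50% report rate, two people for follow-up training, and 192 seconds until the first report.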

You will likely find that failing one of these tests is all your team needs to become more careful in the future. They will see how easy it is to fall for the scam and be wary of such emails going forward. 

Phishing is just too attractive to cyber-criminals for it to go away anytime soon. It is cheap, lucrative, and easy to hide, so they keep attacking individuals and organizations. Instead of expecting phishing to disappear or hoping technology will prevent it, you should empower your people to know how to handle a threat. A knowledgeable staff with an eye on potential attacks is the best way to keep company data safe.  

Don’t let phishing attacks break down your business. Work with a trusted IT partner who is knowledgeable about cybersecurity to develop your plan of action.  
