Hackers use dozens of methods to attack businesses, but few are more common than phishing. Phishing is also one of the oldest methods of hacking and has been around since the earliest days of the internet.
Anyone can be a target (or even victim) of phishing, but the consequences for a business can be larger than for an individual if the attack leads to a breach of an entire system. Here is a business guide to phishing, how to identify it, and what to do to prevent becoming a victim of this common hack.
What Is Phishing?
A phishing attack is a type of security threat in which a hacker attempts to trick someone into providing sensitive information. The goal is to get info that can then be used to access other sensitive information, or even gain access to a business network. There are several common types of phishing:
- Embedded Links in Emails: A user receives an email that appears to contain a link to a reputable or typical business site (like a login screen), and accidentally provides a hacker with their credentials.
- Masked-Identity Information Requests: By email (or even by phone), a hacker pretends to be someone they are not (such as a bank or vendor), then requests sensitive information.
- Malicious Email Attachments: Trojans or other malware can be installed unintentionally on a business network when a user opens an email attachment (.doc/.docx, .xls/.xlsx, .pdf, .zip, and .7z files are the most commonly used malicious attachments).
Today’s phishing emails are often very convincing. One recent (and effective) phishing instance involved what appeared to be a UPS tracking email. This email included a link where a user could supposedly track their delivery, but which led to a fraudulent address.
Aside from a robust network security system, individual employees themselves are one of the best defenses against security breaches from phishing emails. With proper education, users can understand how to identify a phishing email, what to do if they receive one, and how to avoid becoming a victim.
Best Practices for Email Security
Effective business security relies on a combination of prevention and response strategies. Here are some of the industry best practices related to email phishing:
1. Learn about phishing attacks and strategies
Businesses should train and run phishing simulations with employees to educate them on real-life scenarios and strategies. Staff should also feel comfortable alerting admins or IT to any suspected phishing emails they receive. If something seems suspicious, report it and/or confirm with the sender that it’s legitimate. Even if you recognize the sender, it’s a good idea to contact that person and confirm any attachments prior to opening anything.
2. Use email content filters to limit exposure to phishing
Content filters can automatically move many phishing emails directly to a spam email inbox, adding another layer of prevention to a business’s security system.
3. Protect the system with firewalls, web filters, and anti-malware software
Even with the best education and training, prevention strategies can fail. Hackers are always coming up with ways to make emails look that much more convincing, or to build websites that look identical to company login pages. This is where systems security tools become critical.
Even if a user clicks on a link in an email, or accidentally downloads a malicious attachment, there are still opportunities for a business to protect itself. Maintaining a comprehensive security system with the latest updates for firewalls, web filters, malware prevention applications, and backup/business continuity & disaster recovery solutions can help save businesses when human error inevitably occurs.
Helpful Hints to Avoid Becoming a Victim of Phishing
While there is a lot of content on user education about phishing emails, employees can avoid most attacks with a few simple tips. Here is a brief cheat-sheet of safety recommendations:
- Always be suspicious of emails: If something feels off, there’s probably a reason. Users should always alert admins of emails from unknown sources, especially those containing attachments.
- Never provide sensitive info over email: Users should understand that banks, IT vendors, or even the company custodial partner will never ask for sensitive information in an email.
- Preview URLs and addresses: Hovering over sender emails and links can reveal the true addresses. Never click on a link starting with an IP address, and remember that the only part of a URL that identifies the site is the domain name just before .com; anything to the left of that name is a subdomain chosen by the domain's owner and says nothing about who runs the site. (Example: https://google.com vs https://google.support.ITspecialist.com. The second link belongs to ITspecialist.com, not Google, and should be regarded as suspicious!)
- Block high-risk site categories on the business network: To improve prevention of phishing emails altogether, users should not be visiting click-bait or social media sites on a business network.
- Test users regularly: Staying educated is important, so take advantage of training and tests to make sure employees stay sharp and aware. Check out safe.page for resources and a simple quiz on basic email safety.
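The hover checks from the "Preview URLs and addresses" tip, applied automatically to the links in an HTML email body. This is an added example, not part of the original article, and it goes one step further by also comparing a link's visible text with its real target. The TRUSTED list, the function names and the sample email are assumptions made for the illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("google.com", "ups.com")  # assumed allow-list of genuine domains

def site(url):
    # Simplification: the last two hostname labels. Production code should use
    # the Public Suffix List so suffixes such as co.uk are handled correctly.
    return ".".join((urlsplit(url).hostname or "").rstrip(".").split(".")[-2:])

def check_url(url):
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ["ip-literal-host"]
    except ValueError:
        pass
    # A trusted brand appearing only as a subdomain label of another domain.
    return [f"brand-in-subdomain:{t}" for t in TRUSTED
            if site(url) != t and t.split(".")[0] in host.split(".")[:-2]]

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, findings = "".join(self.text).strip(), check_url(self.href)
            # Link text that is itself a URL must name the same site as href.
            if shown.startswith("http") and site(shown) != site(self.href):
                findings.append("text-href-mismatch")
            self.results.append((self.href, findings))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.results

# Constructed sample email body; 203.0.113.7 is a documentation-range address.
SAMPLE = ('<a href="http://203.0.113.7/track?id=1">https://www.ups.com/track</a>'
          '<a href="https://google.support.ITspecialist.com/login">Sign in</a>'
          '<a href="https://google.com/">Google</a>')
```

Calling audit(SAMPLE) returns one (href, findings) pair per link; an empty findings list means none of the three checks fired, not that the link is safe.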
Phishing, along with every other form of hacking, is constantly changing and adapting. Cybercriminals keep finding new and creative ways of exploiting users and gaining unauthorized access to systems.
One of the best methods of staying abreast of all these changes is to partner with a security expert. By outsourcing part or all of a business’s network security, companies can stay in control of their systems, be aware of changing methods of security breaches, and benefit from the latest in enterprise security solutions.
At CDS, we have been providing businesses with security expertise for over 40 years. Contact us today to learn more about how our solutions can protect your business.