14 Mar How to Protect Your Business Against Phishing
What is phishing?
Phishing is a common and increasingly sophisticated form of cybercrime, designed to lure target individuals into disclosing sensitive information, such as bank details, passwords or other confidential data.
The attacks take the form of emails, website content, phone calls or text messages and include links or requests for information that purport to come from legitimate bodies such as businesses, banks or government agencies. They are often highly convincing.
How to spot a phishing attack
Phishing messages take several different forms and employ different tactics. Some might carry a sense of urgency, requiring immediate or unusual action. They can also contain hyperlinks that look legitimate – however, if you hover over the link, you will be able to see the address begins with “https,” meaning it has a Secure Socket Layer (SSL).
Receiving emails from unusual sources, or emails from familiar sources but containing uncharacteristic language, content or style, or any unexpected attachments – these can all be all indicators of a phishing attack.
What are the risks of phishing to businesses?
Information gleaned in a phishing attack can be used to access business accounts and systems.
The effects on business can be catastrophic. A recent IBM survey estimated that the average cost of a cyber-attack incident on a UK business was £2.9m.
Costs may include immediate financial losses such as defrauded funds, wasted employee hours, responses and repairs to systems, legal fees, lost revenue, compliance fines and compensating clients or partner organisations if their sensitive information is compromised.
There are also longer-term cost implications such as loss of intellectual property, and damage to your reputation and client confidence.
How to protect your business from phishing
Some phishing attempts can be dealt with using basic security measures. Spam filters will sort some potentially fraudulent emails into a separate mailbox. Browser settings are also crucial for detecting and blocking fake websites.
However, the most important online security measures that can benefit your business are employee knowledge, engagement and vigilance. To create and sustain a culture of good IT security behaviours and best practice, investment in ongoing training is key.
Benefits of Phishing training
Once staff are informed about the dangers of phishing attacks and how to spot them, they are far less likely to fall victim to these incidents of cyber-crime, reducing risk to your business. Effective training will include information about how to examine communications carefully for any suspicious signs, before clicking on links or opening attachments.
Urban Network security test and phishing training
Urban Network offers phishing security training and testing, which tests users over four weeks. The test features customisable content that can be adapted to your business model. It highlights red flags missed by users, shows you how your organisation compares to others within your industry and provides you with statistics about your phishing risk.
Once the test is completed, we then provide ongoing training, using market-leading tools and expert knowledge, to alert your staff to the signs, risks and implications of phishing scams. We offer continuing refresher training to keep your teams ahead of the game, as the methods used by hackers continue to evolve.
To find out more about our testing and training services, or to discuss any aspect of your cyber security or IT needs, contact us.