Photo by Annie SprattOriginally Posted On: Protect Your Remote Team and Your Organization From Phishing Threats — Sixwatch | Cyber Security | IT Services | Tampa | St. Petersburg | Florida
Did you know that credential theft, social attacks, and human error cause 67% of data breaches? One security event can stop your production for days to even weeks.
So, what do you need to do to fortify your company’s phishing protection? Continue reading to learn how to defend against this threat.
What Is Phishing?
Phishing uses email to collect data including credit card numbers, passwords, and more. These “innocent” emails entice users to click on links or open attachments. The user recognizes the mocked-up site, clicks, and unknowingly releases malicious code.
Risk of Phishing Attacks with Remote Workers
More people are working remotely since the COVID-19 pandemic. From March to July 2020, about half of all data breaches involved phishing attacks. An October 2020 report stated, 82% of IT executives rate remote workers as the greatest phishing risk.
Of remote employees interviewed, over 78% reported getting phishing emails between March and July 2020. Also, 68% said they clicked on a link or downloaded an attachment.
Common Phishing Strategies
Understanding how criminals work helps develop defense strategies. Attackers use several approaches. They may place an embedded link that redirects users to an unsecured website. Then they collect sensitive security data such as passwords, user ids, security answers.
Many hackers “spoof” sender addresses so they appear to come from trusted sources. They use legitimate links to bypass detection filters. Fake landing pages mix benign and malicious code to evade Exchange Online Protection.
To trick Secure Email Gateways, they employ “time bombing”. This uses shortened legitimate URLs that redirect victims to the phishing landing page. This happens after the user has already put in their credentials.
Most phishing emails are short and sweet. They may use an image instead of text to avoid detection.
How to Increase Your Phishing Protection
Hackers target employees via laptops, phones, and other devices. The following steps provide tips for how to protect your company from email phishing.
Education
All employees must complete training that includes mock phishing scenarios. Teach the following signs of possible phishing emails:
Repeated grammar and spelling errors
Shortened URLs
Blank emails with only a link
Emails that sound too good to be true
URLs that are slightly different than usual
Links in emails telling you there’s suspicious activity on your account
Employees who feel uneasy about the information or links in emails should check independently. Instead of clicking, hover over the link and see if it looks fake. Open a new tab and search for the information separately or call the company and ask about problems.
Disable Macros
In general, disabling macros helps reduce risks since they’re often exploited. Hackers use macros to execute malicious code and “drop malware payloads”. Microsoft Office’s newer versions disable macros automatically.
Multi-Factor Authentication
Multi-factor authentications provide protections against cyberattacks on many different fronts. This process continues to increase in sophistication. Some solutions include biometrics such as keystroke patterns, fingerprints, and more.
The goal is to move security authentication away from “what you know”. Since hackers can gain access to user information, biometrics adds more protection.
Are You Looking for a Solution to Defend Against Cyberthreats?
If you have remote workers, it’s vital to optimize your phishing protection. Sixwatch offers 24/7 security support and response for our clients. We also offer on-demand cybersecurity awareness training for your employees.
For businesses that aren’t confident about their security stance, we’ll conduct a security maturity assessment. We combine the foundational technology, products, and security management you need. Contact us today to learn how Sixwatch can secure your business data.
