Email security is one of the most important things you can do to protect your network. The spike in the number of phishing attacks are alarming, to say the least. According to a report from PhishMe, 91% of cyber-attacks start with a phish and an estimated one in every 131 emails contains malware. This number is also expected to increase as hackers attempt to use malware, like ransomware, to generate money from unsuspecting people. Now, you’re probably wondering why hackers are even doing this. Are they doing it because they can, to be a nuisance, or for fun? The truth is, the return on investment for a hacker infecting a network with ransomware is over 1000%. When it comes to a business model, having an ROI like this will keep you in business for a long time. So, I don’t foresee this issue going away anytime soon.
While we’ve been reading a lot in the media about major companies like Target, eBay, Yahoo and Sony being hacked, small companies are not immune. As it is today, at least 43% of cyber-attacks against businesses are targeted at small companies and this number will only keep increasing. The reason small companies are being targeted is because hackers assume you are too small to protect yourself, they know you have sensitive data, and they think you are an easy target. The sad truth is, people are usually reactive and not proactive. We don’t think about cyber security until an incident occurs, but by then its already too late.
Unfortunately, phishing is one of the more difficult cyber-attacks to defend against. These social engineering attacks are designed to hack your heart to get to your mind. They rely on emotions like fear, empathy, etc., to get employees to grant the actor access to the information they want. The goal of a phishing attempt is to trick the recipient into taking the attacker’s desired action, such as providing login credentials or other sensitive information. I’m sure that this sounds like a doomsday prediction, but there are steps you can take to increase your chances of survival in this apocalyptic world. The best practice to avoid being phished is to constantly and consistently train your employees on how to identify a potential phish and to add as many physical barriers as possible.
Because phishing attacks have been so successful, cyber security specialists around the world have started doing phishing campaigns in attempt to build awareness within organizations. A phishing campaign can consist of either a single phishing test, or a recurring series of tests done Weekly, Bi-Weekly, Monthly, etc. These Phishing campaigns are very effective because it prepares employees on how to deal with a potential phishing email and, if you campaign frequently, the more alert your employees will be. These campaigns look and feel like a real phishing attempt to your employees, but there isn’t a malicious payload attached to them. The campaign will collect data on your employees to see which ones are more at risk of falling for a phishing attempt. This data can then be used for remediation, or training purposes to keep your company safe.
Tightening your email security is the next step in mitigating your risk. Increasing your spam security and blocking potentially malicious countries from being able to email your company is a good start but, it only goes so far. “Warning: it’s about to get a bit techy.” Your next steps should include enabling your DomainKeys Identified Mail (DKIM) and your Domain-based Message Authentication, Reporting, & Conformance (DMARC). This will keep most spoofing phishing attempts from gaining any traction. It would be like having a bouncer checking tickets to your email inbox. Emails that have the right tickets can get in, and tickets that are fake get tossed out by the bouncer, and rightfully so.
D&S IT Security: YOUR PARTNER IN CYBER SECURITY
At D&S IT Security, we can help you advance your security posture, so that you don’t have to. We keep up with our social media sites to stay up-to-date on the latest tech trends, security information you need to know to stay safe online, and tips and tricks to effectively navigate an increasingly mobile world.