Cybersecurity continues to be one of the key global targets for criminals in a world where an ever-increasing percentage of the workforce is shifting to working from home (WFH), leaving organizations more vulnerable than ever to a wide array of threats.
Of course, some threats are more worrying than others. And for people who use email (that would be an astounding four billion of us every day), the most pernicious attack is phishing.
Indeed, 86% of organizations had at least one employee click a phishing link last year, according to Cisco’s 2021 Cybersecurity Threat Trends report. On top of this, the stakes are getting higher: 2021 saw the highest average cost of a data breach in 17 years, up from $3.86 million in 2020 to $4.24 million.
And there is no reason to believe these numbers will go down any time soon.
Regardless of how many cybersecurity layers your company covers (or at least tries to), the bottom line—and the greatest vulnerability—always remains the human factor.
Before implementing security protocols, meeting various technical compliances, or installing all sorts of defensive software, the first step towards safety should be cybersecurity education delivered to all employees no matter their position in the company.
Uneducated staff are the easiest prey for targeted phishing, or advanced spear phishing. While quickly replying to an email that seemingly comes from a trusted source, like a vendor, the financial department, or even your company’s CEO, sounds like a no-brainer to most, that can lead to dire consequences if done without appropriate caution.
With clone phishing, cybercriminals copy an authentic email that they have intercepted and replace the genuine links with malicious ones, usually leading to malware installation. In the aftermath, it is not only the recipient who is at risk but also their entire contact list.
Naturally, this type of attack is especially vicious because it relies on the credibility of the original email and its sender. Users are advised to be extra careful when receiving emails with:
- Subject lines suggesting a time-sensitive matter (e.g., “Hurry”, “before it’s too late”, “expires on”)
- Strong emphasis that the recipient needs to access a link or a file
- Invitations to events or to collect rewards/promotions, especially if the email is re-sent
How to stay safe?
We live in a dangerous world, but that is no reason to despair. There are proven ways to stay on top of phishing threats, no matter how complex. So, let’s quickly summarize them here:
1. Always check the URL
When in doubt, do not click. Hover your mouse over the link to see where it leads. If the address shown on hover is not the same as the address the link text displays, do not click on it. If you accidentally click on the link, don’t enter any information on the website; simply close the browser window.
2. Look out for malicious email attachments
Be careful when receiving email attachments. Check the file first by saving it to your downloads folder and checking the file extension. If the file name ends in any of the following: .JS, .EXE, .COM, .PIF, .SCR, .HTA, .VBS, .WSF, .JSE, it has a strong potential to be malicious and you should not click on it or try to open it.
Please note that these are only some of the more common dangerous extensions and that there are many others that you should be cautious about.
3. Add powerful email security
Solutions like N‑able™ Mail Assure can help you safeguard your email from phishing attacks. Leveraging collective intelligence for inbound and outbound email security, Mail Assure uses data gleaned from monitoring more than 2 million domains under management. With near 100% filtering accuracy and 24/7 email continuity, Mail Assure processes that data in its protection engine and combines it with near real-time, pattern-based threat recognition and a variety of filtering technologies to help protect against spam, viruses, ransomware, malware, phishing attacks, and other email-borne threats.
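The manual checks from tips 1 and 2 (link text versus real destination, and the attachment's file extension) can also be scripted when triaging a reported message. The sketch below is an added example, not code from this article or from any vendor; the function names and the sample message are constructed for illustration, and it compares only hostnames and final extensions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions named in tip 2 (the article notes the list is not exhaustive).
RISKY_EXTENSIONS = {".js", ".exe", ".com", ".pif", ".scr", ".hta", ".vbs", ".wsf", ".jse"}
# Constructed sample body; example.com and example.net are reserved documentation domains.
SAMPLE = ('<a href="http://login.example.net/reset">https://portal.example.com/reset</a> '
          '<a href="https://portal.example.com/help">help page</a>')

def host_of(text):
    """Return the lowercase hostname if text looks like a URL, else None."""
    text = text.strip()
    if "://" not in text:
        if not text.lower().startswith("www."):
            return None
        text = "http://" + text
    try:
        return (urlsplit(text).hostname or "").lower() or None
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None

class LinkAuditor(HTMLParser):
    """Records links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.mismatches, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host, real_host = host_of(shown), host_of(self._href)
            if shown_host and real_host and shown_host != real_host:
                self.mismatches.append((shown, self._href))
            self._href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.mismatches

def risky_attachment(filename):
    """True if the final extension is listed; also catches 'invoice.pdf.exe'."""
    name = filename.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    return "." in name and name[name.rfind("."):] in RISKY_EXTENSIONS
```

A link whose visible text is not itself a URL (such as "help page") is not flagged, so a clean result here does not mean the destination is safe.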
If this information is helpful to you, read our blog for more interesting and useful content, tips and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will assist you with your query.
Content curated by the team of COMPUTER 2000 on the basis of marketing materials provided by our partners/vendors.