August 7, 2019

Arming your employees against the rising tide of phishing

By Evangelos Ntsiavos, Developer

To many, the term ‘cyber security’ refers to software and monitoring that protects their email, operating system, network, and printing devices from malicious attack or data theft.

While this forms a large and important part of cyber security for a business, what is less well known is that a company’s employees play the most significant role in making sure a business is protected, particularly against phishing attacks.

For a scaling business like Upgrade Pack, which is adding to its team across all departments, providing the proper training and best practices for employees can help protect our business against security breaches now and into the future.

What is phishing?

Phishing is widespread in the UK. It is one of the most common types of cyber-crime that targets businesses regardless of their size or sector. 

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. 

Phishing is a type of cyber-attack that most commonly happens through email. In a typical attack, thousands of people receive ‘fake’ emails from unknown criminals asking them to: provide sensitive or confidential information (such as passwords and bank details), send money to individuals or organisations, or download something that infects their computer. The email usually contains attachments infected by malware or links to a ‘spoof website’ where attackers try to trick the potential ‘victims’ into surrendering sensitive data.

It's important to stress that the increasing sophistication of tactics and ‘smokescreens’ used to cause harm to business operations through phishing means that anyone can be caught out, hence why it’s so important to keep up to speed with the latest phishing tricks and scams, which are regularly updated online.

What does cyber security mean for businesses?

With phishing attacks and other forms of cyber assaults on the rise, business data is more vulnerable than ever before. To combat it, cyber security is necessary for a business to operate efficiently, and critical for protecting customers’ information.  

However, following IT best practice goes beyond using the latest technology or software available; it’s about staying ahead of risks and disasters that have the potential to bring a company to a screeching halt. When creating cybersecurity procedures, it’s very helpful to use a multi-layered security model. This model begins with the internet and ends with employees.

Employee education

Curiosity and intrigue are innate parts of human nature, and attackers know it: they try to exploit this by targeting a company’s employees with phishing activity.

What many don’t realise is most major security breaches involve an ‘innocent’ employee action that enabled hackers to gain access to the system in the first place. To protect your business against this, it’s vital to educate your staff on network security best practices, making your employees the company's human firewall.

We’ve drawn up a list of five red flags for your employees to look out for with a phishing email:

1. Check the sender
Just because an email appears to come from the name of a person you know or trust, it doesn’t necessarily mean it does. Make sure you check the email address to confirm the true sender.

2. Personal Information
Is the email asking for your personal information, such as a credit card number? Legitimate companies are unlikely to request something like this in an email.

3. Look out for urgency
Many phishing emails try to create a sense of urgency, making it sound as if there is some sort of emergency (e.g. the CFO needs a £500k wire transfer, a Saudi Prince is in trouble, or someone needs £100 so you can claim your million pound reward). Any email like this should be an immediate red flag.

4. Look but don’t click
Many phishing emails include links to dangerous sites. For emails that raise your suspicions, hover your mouse over the hyperlink without clicking – if the link address that appears looks strange, don’t click on it.

5. Be careful with attachments
Attackers often try to trick you with a really juicy attachment, a trending item, or known ‘click-bait’ (kitten videos, anyone?) that contains harmful data. A common indicator is an attachment with a long name or an extremely large file. If you see this, proceed with caution and check the above signs before opening.
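The first four red flags can also be checked mechanically as a mail-triage aid. The sketch below is an added example, not code from Upgrade Pack; the address book, keyword lists and sample message are assumptions constructed for illustration, and attachments (flag 5) are not covered.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed address book: display name -> the address that person really uses.
KNOWN_SENDERS = {"jane smith": "jane.smith@example.com"}
URGENCY = re.compile(r"\b(urgent|immediately|emergency|wire transfer)\b", re.I)
PERSONAL = re.compile(r"\b(password|credit card|bank details)\b", re.I)
DOMAINISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}", re.I)
# Constructed sample message on reserved example domains, not real mail.
SAMPLE = ("From: Jane Smith <jane.smith@example.net>\n"
          "Subject: URGENT: payment needed today\nContent-Type: text/html\n\n"
          "<p>Please confirm the bank details immediately.</p>\n"
          '<a href="http://login.example.org/verify">www.example.com/portal</a>\n')

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host(url):  # lower-cased hostname of a URL or bare domain, '' if none
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw):
    """Return the names of the red flags found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    name, addr = (s.lower() for s in parseaddr(str(msg["From"])))
    collector = LinkCollector()
    collector.feed(body)
    checks = {
        "sender": KNOWN_SENDERS.get(name, addr) != addr,  # 1: known name, other address
        "personal-info": bool(PERSONAL.search(body)),  # 2
        "urgency": bool(URGENCY.search(f"{msg['Subject']} {body}")),  # 3
        "link-mismatch": any(DOMAINISH.match(t.strip()) and host(t.strip()) != host(h)
                             for h, t in collector.links),  # 4: text vs real target
    }
    return [flag for flag, hit in checks.items() if hit]
```

Keyword matching of this kind only surfaces candidates for a person to review; it does not replace the checks above.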

Encouraging adherence to these five steps will help arm your employees against phishing. A sensible approach from your employees operating in tandem with credible anti-malware software will give your business the best protection in today’s digital world.
