Phishing attacks continue to be one of the most popular and efficient types of social engineering attacks used to cause data breaches. It's estimated that 3 billion phishing emails were sent every day in 2021. Phishing emails take advantage of a person's trust to gain access to the corporate network, and they are extremely difficult to stop because they are typically delivered through email, which must be enabled for business to take place. However, there are many mitigations that you can put in place to reduce the likelihood of users seeing these emails and to limit the damage that may be done if they do see one. Here are some tips for protecting yourself against phishing scams:
Security Awareness Training
The best thing you can do to protect your business from phishing emails is to educate your employees. Your employees should get security awareness training on how to identify, report, and handle phishing emails that come to their inboxes. Phishing emails are designed to manipulate and trick users, which is much harder to do when your employees are well educated.
Scan Email Attachments
You should invest in security software that will scan email attachments to see if they are malicious. Attackers often disguise malware as Word documents, Excel sheets, PDFs, and similar files and attach them to emails. It's estimated that as much as 90% of cyber-attacks are delivered via email.
Have a No-Macro Policy
Your corporate policy should state that macros are not enabled on Microsoft products except where necessary. One attack technique a hacker can use is to create Excel macros and attach them to Word files. Once these macros are enabled and run, the malware is executed and infects the system.
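As an added example (not code from this article), here is one way an attachment check can support both the scanning and no-macro tips above: it flags Office attachments that carry a VBA project, including ones hidden behind a non-macro extension such as .docx. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xlam")

def macro_verdict(filename, data):
    """Return a reason string if the attachment may carry macros, else None."""
    name = (filename or "").lower()
    if data.startswith(OLE_MAGIC):
        return "legacy OLE Office file (may contain VBA; needs deeper scan)"
    if data.startswith(b"PK"):  # modern Office files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                members = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "corrupt ZIP container"
        if any(n.endswith("vbaproject.bin") for n in members):
            return "macro-enabled document" if name.endswith(MACRO_EXTS) else "VBA project behind non-macro extension"
    if name.endswith(MACRO_EXTS):
        return "macro-enabled extension"
    return None

def scan_message(raw):
    """Map attachment filename -> reason for every flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        reason = macro_verdict(part.get_filename(), part.get_payload(decode=True))
        if reason:
            flagged[part.get_filename()] = reason
    return flagged

def build_sample():
    """Constructed message: a clean .docx and a .docx that contains a VBA part."""
    def ooxml(extra=()):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("[Content_Types].xml", "<Types/>")
            for n in extra:
                z.writestr(n, b"placeholder")  # inert bytes, not a real macro
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    for fname, extra in (("report.docx", ()), ("invoice.docx", ("word/vbaProject.bin",))):
        msg.add_attachment(ooxml(extra), maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags only `invoice.docx`, the file whose extension claims it has no macros.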
Enable MFA
Where possible, user accounts should have MFA enabled. This way, if someone is redirected to a fake site and their login credentials are stolen, the attacker won't be able to hijack the account. One way that companies do this is to combine MFA with SSO so that users can log in to multiple corporate accounts with one ID and still have the benefits of being protected with MFA.