Roughly 9 in 10 cyberattacks start with a phishing email. Email is the channel through which employees are most likely to encounter a threat, and every business is inundated with it daily, so it is critical to do everything possible to reduce the chance of an email-based attack landing. Today's most damaging threats, including ransomware and business email compromise (BEC), are delivered primarily by email. These six tips can help keep businesses out of trouble.
Remind employees to avoid clicking on untrustworthy links
No one should click an unexpected or unusual link in an email message, no matter who the sender appears to be. Instead, encourage safe handling habits such as hovering over the link to reveal the underlying URL and checking that its domain matches the one the message claims; the visible text of a link says nothing about where it actually goes. Clicking a malicious link typically lands the victim on a fake login page built to harvest credentials. It can also trigger a malware download or other bad outcomes.
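The "hover over the link" habit can be automated for an incoming HTML message: extract each link's real destination and compare it with what the user sees. The following is an added example for this article, not Kaseya's code. The HTML body is constructed for the demo and the domains in it are made up; it flags the three tricks that hovering is meant to expose: display text showing one domain while the href points at another, a trusted name placed before an `@` so the real host comes after it, and punycode hosts that render as look-alike characters.

```python
"""Inspect links in an HTML email body and report what hovering would reveal.

Added example for this article (not Kaseya's code). SAMPLE_HTML is a
constructed message; example-corp.com / example.net are made-up domains.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one honest link followed by three suspicious ones.
SAMPLE_HTML = """
<p>Your invoice is ready: <a href="https://billing.example-corp.com/inv/42">https://billing.example-corp.com/inv/42</a></p>
<p>Please confirm your account: <a href="http://account-verify.example.net/login">https://www.example-corp.com/login</a></p>
<p><a href="https://www.example-corp.com@203.0.113.7/reset">Reset your password</a></p>
<p><a href="https://xn--pple-43d.com/">Click here</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Last two DNS labels; a crude stand-in for the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])


def link_findings(href, text):
    """Return the reasons a link looks deceptive (empty list = nothing found)."""
    findings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    # https://trusted.example@203.0.113.7/ -- browsers connect to what follows the '@'
    if parts.username is not None:
        findings.append("userinfo before '@'; the real host is %s" % host)
    # xn-- labels are punycode; they may render as look-alike Unicode letters
    if any(label.startswith("xn--") for label in host.split(".")):
        try:
            decoded = host.encode("ascii").decode("idna")
        except UnicodeError:
            decoded = "?"
        findings.append("punycode host %s (renders as %s)" % (host, decoded))
    # Link text that looks like a URL but points somewhere else entirely
    if text.lower().startswith(("http://", "https://")):
        shown = (urlsplit(text).hostname or "").lower()
        if registrable(shown) != registrable(host):
            findings.append("displayed host %s but real host %s" % (shown, host))
    if parts.scheme == "http":
        findings.append("unencrypted http link")
    return findings


def analyze(html):
    """Return [(href, findings), ...] for every link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, link_findings(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for href, findings in analyze(SAMPLE_HTML):
        print(href, "->", findings or "looks consistent")
```

The `registrable()` helper is deliberately simplistic (it treats the last two labels as the domain), which is wrong for suffixes like `co.uk`; a production filter would use a public-suffix list. The point of the example is the comparison itself: the href, not the text, is what the browser will open.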
Never disclose sensitive information without verifying the request’s legitimacy
Make sure that everyone in the organization, from the interns to the CEO, knows never to reply to an email from an untrusted source requesting personal information, sensitive company data or money without first verifying the request, no matter how little the sender asks for. Verification means using a channel the email did not supply: a phone number already on file rather than the one in the signature, or a walk to the colleague's desk. Invoice scams, in which bad actors pose as a service provider owed money, are the most common type of email scam. A single misjudgment can be enough to compromise the organization's defenses and cost a fortune.
Reinforce the message: Don’t open suspicious email attachments
Always confirm that an email is trustworthy and check for red flags before opening an attachment. An infected attachment can set off a cascade of bad effects, including deploying ransomware. Be especially wary of unexpected attachments that prompt the recipient to enable macros in order to view them: a malicious macro runs with the user's own privileges and can hand bad actors control of that computer.
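Whether an Office attachment carries macros is visible without opening it: macro-enabled OOXML packages are zip files that contain a `vbaProject.bin` member, while the legacy binary `.doc`/`.xls` formats can always carry macros. The following is an added example for this article, not Kaseya's code; it builds two tiny Word-style packages in memory (constructed samples, no real documents or malware) and flags macro-enabled attachments, a `vbaProject.bin` hidden inside a file whose `.docx` extension claims it is macro-free, legacy OLE containers, and executables disguised with a double extension.

```python
"""Triage email attachments for macros and disguised executables.

Added example for this article (not Kaseya's code). The attachments are
constructed in memory so the script runs offline.
"""
import io
import os
import zipfile

# Member names that hold the VBA project in Word, Excel and PowerPoint OOXML packages
MACRO_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".ppam"}
MACRO_FREE_EXTENSIONS = {".docx", ".xlsx", ".pptx"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "js", "jse", "vbs", "bat", "cmd", "hta", "ps1"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc / .xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML packages are zip archives


def build_ooxml(with_macro):
    """Constructed sample: a minimal Word-style package, optionally with a VBA project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in for real VBA storage
    return buf.getvalue()


def inspect_attachment(filename, data):
    """Return the reasons to hold an attachment back (empty list = no finding)."""
    findings = []
    name = filename.lower()
    ext = os.path.splitext(name)[1]
    labels = name.split(".")

    # "invoice.pdf.exe": the last extension is the one Windows executes
    if len(labels) > 2 and labels[-1] in EXECUTABLE_EXTENSIONS:
        findings.append("executable hidden behind double extension")

    if ext in MACRO_EXTENSIONS:
        findings.append("macro-enabled Office extension %s" % ext)

    if data.startswith(ZIP_MAGIC):
        # Look inside the package regardless of what the extension claims
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = set(z.namelist())
        except zipfile.BadZipFile:
            names = set()
        found = [m for m in MACRO_MEMBERS if m in names]
        if found:
            findings.append("VBA project inside package: %s" % ", ".join(found))
            if ext in MACRO_FREE_EXTENSIONS:
                findings.append("macro present but extension %s claims macro-free" % ext)
    elif data.startswith(OLE_MAGIC):
        # Binary Office formats have no macro/no-macro split in the name
        findings.append("legacy OLE document; may contain macros, name cannot tell")

    return findings


if __name__ == "__main__":
    samples = [
        ("report.docx", build_ooxml(False)),
        ("invoice.docm", build_ooxml(True)),
        ("invoice.docx", build_ooxml(True)),
        ("old-contract.doc", OLE_MAGIC + b"\x00" * 8),
        ("statement.pdf.exe", b"MZ" + b"\x00" * 8),
    ]
    for fname, blob in samples:
        print(fname, "->", inspect_attachment(fname, blob) or "no finding")
```

A mail gateway would run a check like this before the message reaches the inbox; the same logic also serves a user who wants to know, before double-clicking, whether the "invoice" is really a document.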
Maintain a regular security awareness training program
Anyone in the company could be targeted in a phishing scam. To ensure that everyone is on their toes, conduct regular security awareness training for everyone from interns to the CEO. Include quizzes in the training so that you can easily determine who needs more help and may be a security risk. Trained users are 30% less likely to click on a phishing link.
Keep all systems up to date
Unpatched software or operating systems are easy targets. Bad actors actively exploit known vulnerabilities, and a zero-day vulnerability can surface at any time. The Cl0p ransomware gang recently went on a spree that claimed more than 100 victims by exploiting a zero-day vulnerability. Regularly update all programs and operating systems to get the latest security patches, and apply a vendor's fix as soon as it ships; until that fix exists a zero-day is, by definition, not patchable, which is why the other controls on this list still matter.
Conduct phishing simulations
Train employees to spot and avoid phishing hazards with regular phishing simulations, ideally customized to reflect the threats employees actually face day to day. Security awareness training doesn't work overnight, but it makes steady progress that holds up over time, reducing a company's phishing risk from 60% to 10% within the first 12 months.
Put strong shields in place between your organization and email-based cyberattacks with our innovative, affordable solutions. Give us a call. We can help!
Article courtesy Kaseya