CommPRO

View Original

Protect Your Company Against Phishing Attacks

See this content in the original post

For all the benefits email offers as a communication method, most of the messages in people’s inbox aren’t worth opening.  A whopping 85% of all emails are considered spam.  Some spam is merely annoying, but spam can also be dangerous.  Phishing emails are a popular form of spam, and their goal is to steal personal information.  At least 3 billion phishing emails are sent every day.  While phishing can wear many disguises, its primary purpose is to steal from unwitting recipients. Phishing is often the first step in a sophisticated cyberattack.  More than half of all phishing emails contain malware, and ransomware attacks are rising at an alarming rate. 

Cybercrime is truly terrifying in that it can target anyone, even large businesses.  When an organized attack halted 20% of JBS’s meat production, the whole industry took notice.  When NotPetya ransomware demanded bitcoin from FedEx, customers watched their information be stolen from a company they had trusted.

If giant corporations aren’t able to protect themselves against cyber criminals, what hope do small businesses have?  The truth is that most small businesses could not survive a successful phishing attack.  More than 60% of small businesses shut down permanently within 6 months of being targeted.  The reason goes beyond the initial attack; small businesses take up to 6 weeks to recover from ransomware.  While they’re purging their systems of malfeasance, small businesses are limited in their operations.  Furthermore, companies are required to notify customers if their personal data is compromised.  70% of customers discontinue shopping at a business if it can’t protect their personal information.  So small businesses often lose more in lost operation time and consumer attrition than they do from paying a ransom.

How can businesses protect themselves?  The first step is to train employees about the dangers of phishing.  85% of scams rely on human error to succeed.  While training is not infallible, regular coaching can lower the number of employees fooled by suspicious links in their inbox.  The next step relies on verifying all invoices and payments.  Many attacks involve credential harvesting, which can lead to invoice fraud.  Finally, invest in email security programs while keeping a human eye out for discrepancy. 

Phishing awareness begins with your vigilance.