Even with all the modern technology evolving in the business world, emails are still one of the most relied on mediums of communication. It is critical to ensure the security of email, as it could lead to the downfall of your company.
In this article we will discuss Phishing attacks and what we can do to avoid them.
As more businesses transition to online platforms, this opens areas that can be exploited. A phishing attack occurs when an attacker impersonates a friend, a business, vendor or employer to trick the victim into opening either emails or text messages. An example email could be:
“This email has been automatically generated by…,
Your company has recently breached the terms of GDPR (General Data Protection Regulation). Download this document to view the full extent of this breach *insert link*.”
This email would contain a malicious link which could contain a virus, keylogger or other software that an attacker could use to access your companies’ data.
Types of phishing attacks:
This type of attack focuses on a specific user within the company, such as a finance person. This would give the attacker broad access to company data. Attackers will normally target people that have access to multiple departments to allow them to gather as much information as possible.
Attackers use this method to target the bigger names within a company, such as the CEO. They can then use the CEO’s email address to easily pose as a trusted source and infiltrate different areas of your business.
This type of attacks happens via telephone. Attackers will phone the target and pose as a banking or Microsoft employee to steal information. This could lead to attackers gaining financial/company data.
Mitigating Phishing attacks:
Email Protection Software
This is an overlooked step in detecting suspicious emails. Certain types of software can be used to identify and flag phishing emails. It can also be used to detect spam and other malicious emails. This is a good first step for a business to implement as it brings awareness to users of what to look out for.
Train your colleagues
The most important/most overlooked way to stop phishing attempts. Spending time to train your colleagues and make them aware of different attacks is a crucial step in preventing attacks like this from coming to fruition. Training days are best to be held bi-monthly and should contain an element of interaction. It is much easier to spot phishing attempts when you have been exposed to them.
3: Choosing the right phone platform
There are a multitude of services available for business users to suit their needs. Ensuring your company is using the correct phone system with the ability to implement preventative measures is key to ensuring the safety of your data.
Indigo offers a variety of services which cover all areas discussed in this article.
One of our partnered companies, 8×8 offer features such as VoIP calls, video conferencing and an app available for desktop and mobile, allowing for calls to be taken from anywhere. In terms of security, 8×8 offer call analytics to their customers along with call recording. This is useful for monitoring call traffic and identifying potential attacks. These numbers can then be added to a block list by our dedicated faults team.
Email protection software
Avanan is a cloud email security solution which is used to monitor cyber-attacks. This software has been built to detect distinct types of malicious emails such as spam and phishing. Once an email has been flagged as malicious it will be quarantined. This email can then be reviewed to either be released from quarantine, deleted and/or blocked from sending emails to company addresses. This allows your colleagues to see what kind of emails are classed as spam/phishing attempts and brings it to their attention along with the additional security net.
If this article is something you would like to learn more about, please contact firstname.lastname@example.org.