Here’s a simple process to protecting your firm.
We’ve all seen them. Those pain in the arse emails that range from outright blatant to almost genuine in appearance. Over 50% of recipients get hacked because of them. The cost of a phishing attack can be huge, not just in monetary value either. In 2017, law firm DLA Piper was the victim of a ransomware attack [1] (often spread via a phishing email). Their entire systems were rendered unusable, so they spent 15,000 hours of overtime for their IT crew to try and resolve the issue. With the recent COVID-19 pandemic increasing the amount of phishing emails [2], it’s a good reminder to know what to look out for.
Stay safe – make sure your team follow these 2 simple steps
It’s super simple to provide basic protection:
- When you see a dodgy email, check the sender address. When hitting “Reply To” if you don’t recognise the recipient address that appears, don’t reply.
- Before you make any payments to a new bank account make sure you contact the recipient directly via a known or published phone number to confirm it’s legitimate.
What’s the point of phishing?
With the majority of phishing emails, the aim is to get you to do something with it. That could be opening an attachment (Bobs_Secret_HR_Doc.xyz), or clicking a link (“Protect your account NOW!”). The ultimate goal is to catch you out. Cybercriminals often use phishing emails to steal credentials. If you work with sensitive data, this can end badly.
The fallout from a successful phishing attack can often end up in a data breach. This would then be a violation of GDPR. It’s easy to see then how many SMBs struggle to stay afloat after suffering a cybersecurity attack. The loss of reputation and subsequent fines tend to wipe them out.
Here’s an example scenario: David receives an email from his boss asking him to review a PDF document for an important meeting they’re both due to attend. The email looks genuine, but the attachment doesn’t look like anything David has seen before. Because the email looks legitimate, David proceeds to download the attachment. Little does he know it’s actually a malicious piece of software that is now stealing his details.
All in all, staying alert is important to combat phishing. Look out for spelling mistakes, pushy language & buttons or attachments that you’re being asked to click on. Cybercriminals will always get creative with new ways to target people. Knowing what to look out for means you stand a better chance of fighting them. You are the first (and best) line of defence at your business.
If you would like a copy of the poster, or additional material detailing the risks in more depth, get in touch.
Sources
1 DLA Piper Attack, 2 Coronavirus Increase
