Phishing is one of the most common cybersecurity attacks. In fact, 88% of organizations worldwide experienced phishing attempts in 2019 and, in 2020, phishing accounted for one in every 4,200 emails. Google reports blocking more than 100 million phishing emails every day, and in April 2020, the tech giant reported blocking 18 million malware and phishing emails related to the pandemic alone. So what can you do to protect your business from phishing attacks in 2021?
Educating your employees about phishing emails, and the risk they pose to both the business and the employee, is essential. Staff training sessions that walk through mock phishing scenarios help reinforce the material, and the topic belongs on the agenda of regular staff and leadership meetings. Periodically testing employees with simulated phishing emails that should be flagged as suspicious shows whether they follow the procedure or click the links. Measure the report rate as well as the click rate: an employee who reports a simulated phish is the outcome you are training for. The results give you a realistic picture of how well the communicated policies and procedures are understood and followed.
Be sure to also provide written documentation that explains what a phishing email is, how to identify it, and what to do when an employee comes across one, including whom to report it to. Plan for ongoing education to account for staff turnover, new phishing techniques, and continued compliance.
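As an added illustration of the "how to identify it" guidance above (this is example code written for this edit, not code from the original article), the following Python script checks a raw email for several common phishing indicators: a display name that impersonates a trusted domain, a lookalike sender domain built from homoglyphs, SPF/DKIM/DMARC results other than pass, urgency language in the subject, and links whose visible text points somewhere other than their real target. The sample message, the trusted-domain list and the heuristics themselves are constructed assumptions for the example.

```python
"""Heuristic phishing-indicator check for a raw RFC 5322 message.

Added example, not from the original article. The sample message is
constructed, the trusted-domain list is invented, and the heuristics are
illustrative rather than a replacement for a mail gateway's filtering.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message carrying several classic phishing tells.
SAMPLE_EMAIL = """\
From: "example.com IT Support" <it-support@examp1e.com>
To: jane@example.com
Subject: URGENT: your password expires today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires in 2 hours. Click below to keep access.</p>
<a href="http://198.51.100.23/reset">https://portal.example.com/reset</a>
</body></html>
"""

TRUSTED_DOMAINS = {"example.com"}  # assumed: the organisation's own domains
URGENCY_WORDS = ("urgent", "immediately", "expires", "suspended", "verify")
# Digit-for-letter swaps commonly used to build lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from HTML anchors."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lowercase host of a URL, or '' if it has none."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def is_lookalike(domain, trusted):
    """True if domain differs from a trusted domain only by homoglyph swaps."""
    normalized = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return normalized in trusted and domain not in trusted


def analyze(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of indicator codes found in the raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Sender checks: display name naming a trusted domain, or a lookalike domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    if sender_domain not in trusted and any(t in display.lower() for t in trusted):
        findings.append("display-name-impersonates-trusted-domain")
    if is_lookalike(sender_domain, trusted):
        findings.append("lookalike-sender-domain")

    # Authentication results as recorded by the receiving mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}-{m.group(1)}")

    # Social-engineering pressure in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    if any(w in subject for w in URGENCY_WORDS):
        findings.append("urgency-language")

    # Link checks: raw IP targets and visible text that disagrees with the href.
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        href_host = host_of(href)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            findings.append("link-to-raw-ip")
        if ("://" in text or "." in text) and host_of(text) and host_of(text) != href_host:
            findings.append("link-text-host-mismatch")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL):
        print("indicator:", finding)
```

Run against the constructed sample, the script reports all seven indicators; a plain internal message with passing SPF and DKIM produces none. The value for staff training is that each indicator maps to something an employee can check by eye: the real address behind the display name, the domain spelling, and the link target shown on hover.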
Keep all of your systems current with the latest security patches and updates, and take an inventory of your enterprise spam and phishing controls so you know what is deployed and whether it is up to date. Patching is a critical measure: the difference between an infrastructure that resists an attack and one that leaves your company exposed is often a patch that was available but never applied. No IT professional wants to expose their company to known vulnerabilities, but competing priorities and limited resources cause costly delays in patching. Keep this task a high priority for your team and your business.
Beyond password complexity and expiration timelines, it’s important to develop a strong security policy for your organization. The complexity of your security policy will depend on the type of business you are in; however, the following are some security policies you may include:
These policies establish a code of conduct and the expected actions that protect your organization and reduce your risk of cyberattack, including phishing. To check that you are actually covered, audit your business workflows and operations for points of security risk, cross-reference those points against your established policies, and update the policies wherever the current information or processes have changed.
In a world where many employees are still working remotely or in a hybrid environment, the risk to company data has never been greater. “Data encryption protects data wherever it lives across the hybrid multi-cloud environment. Once data is encrypted and the encryption key is secured, the data becomes useless to any cybercriminal. If that data is already encrypted, that makes it much more difficult for the malware to detect it and attack.”
A VPN gives remote employees an encrypted connection to company information and systems, so traffic on home or public networks cannot be read or tampered with in transit. An employee who connects without a VPN is exposed to attacks on that traffic; note, though, that a VPN does not stop a phishing email from arriving, so it complements training and mail filtering rather than replacing them. In addition to a VPN, deploy full-disk encryption on laptops and email encryption tools, so that a lost device or intercepted message yields nothing useful to an attacker.
Even the best-laid plans are not foolproof. To quote Mike Tyson, “Everybody has a plan until they get punched in the mouth.” As cybercriminals become more advanced, the risk to your business grows. In the event that your business falls victim to a phishing attack, it is critical that you have reliable backups of all company data stored safely and securely. Keep at least one copy offline or otherwise isolated from your production network, so that if the network is compromised the backups are not encrypted or deleted along with it, and test restores regularly so you know you can actually recover from them.
Protecting your business from phishing or other cyberattacks is an ongoing initiative that requires careful oversight, attention to detail, and clear and consistent communication and education. The more you and your team know about the potential risks and advancements made by today’s cybercriminals, the better you’ll be able to defend against them.