A recent article in Dark Reading, a leading cybersecurity news site, stated that more than 90% of malware (such as ransomware) is delivered by email. The cybersecurity experts over at FireEye report that in 1 out of every 101 emails are sent with malicious intent.
But malware isn’t the only threat delivered over email (and, according to the FireEye report, only comprises 10% of malicious emails). There’s also phishing, which tries to steal your login credentials by providing fraudulent information.
Luckily, there’s a new way to block and avoid phishing email attacks using today’s latest cybersecurity tools and training techniques. Get the facts in today’s article.
That Dark Reading article we mentioned earlier also states that the average employee doesn’t go two full days between receiving phishing messages, and it mentions that more than half of malicious emails contain the word “invoice” in the subject line.
This is known as “invoice phishing,” and it’s a huge problem.
“Invoice phishing” is a specific subtype of phishing attack, in which cybercriminals send fake outstanding invoices from well-known companies with a link for you to access and pay your invoice. The link leads to a fake payment page that criminals use to steal your payment data.
Other common forms of phishing include:
As we stated earlier: your employees are receiving these attacks more often than every two days on average – and clicking on just a single one of these can lead to a costly data breach or theft of your hard-earned revenues.
Fortunately, modern tools and techniques can help you prevent these damaging phishing attacks.
To prevent phishing attacks, cybersecurity professionals recommend a two-pronged approach: (1) Use an Office 365 solution built to help you defend against phishing emails, and (2) train your employees not to click on the small number of malicious emails that slip through the cracks.
Let’s talk about these options.
To combat the threat of email cybersecurity issues, Microsoft released Office 365 Advanced Threat Protection (ATP), which protects you and your staff from harmful links, malicious attachments, and spoofed emails used in a BEC attack.
If the email and its attachments pass these virtual tests, the email is passed along to you or your staff for safe access. If the email doesn’t pass these tests, it’s blocked to protect you, your employees, and your business data.
Office 365 ATP is impressive and stops a lot of malicious email attacks… but no software is 100% perfect all the time. There’s always a chance that a really crafty phishing email will manage to elude the anti-phishing tool – and if that were to happen, you’d have an active email threat inside your system.
Your last line of security defense is your employees, which is why most careful business leaders also choose to train their staff to identify and avoid clicking on phishing emails.
The best way to educate your employees is to clearly teach them about the dangers of phishing and provide real-life examples of what these emails look like. The real-life examples are key because modern cybercriminals are much more sophisticated in their methods than they used to be; badly worded Nigerian Prince scams aren’t going to fool anybody these days.
Once employees know what to look for, and why, it’s a good idea to reinforce their training by sending out test phishing emails and seeing how various staffers respond. For the employees who consistently click, you’ll know you need to gently (but clearly) repeat the training, so they get the message. Eventually, through repeated training exercises, everyone at your company can become an anti-phishing star and you’ll know your organization will be that much safer from the many email cybersecurity threats out there.
If you’d like to set up a phishing training program at your workplace or learn more about Office 365 ATP, just get in touch! We’re happy to set you up with proven tools that defend against phishing, along with techniques that have helped companies of all sizes build up their email cybersecurity awareness skills.