Don't fall for the lure: Protect your organization from phishing attacks

Attack of the Phishing Fiend

Oct 18, 2023

Don’t get tricked by a cyber criminal’s phishing bait. Make sure you're protected from attacks by following the Milner tips below. For more tips to help employees stay up-to-date on email security best practices, download our Email Security Tipsheet.

In 2021, 80 percent of security incidents and 90 percent of data breaches stemmed from phishing attempts.

As part of our National Cybersecurity Awareness Month series, this week we are talking about the most common cause of data breaches: phishing attacks. Other threats to your SMB are just as frightening, but a successful phishing attack can be especially dangerous, particularly as we approach the holiday season, which has become prime time for cyber scams.

  1. The Live Bait: Spooky, So-phish-ticated Attacks

    As hackers seek to take control of organization data, they are developing increasingly sophisticated cyberattacks to obtain employee records, bank details, and supply chain details. Nearly 83% of organizations were victims of phishing attack attempts in the last year alone, a significant increase from previous years. The consequences of successful phishing attacks can be costly: in 2021 almost 60% of infected organizations paid up, some more than once. Glaringly, only 54% of those who paid up regained access to their data and systems without paying additional ransoms.

    So, what does that mean for small and mid-sized businesses? For one, cybersecurity precautions against phishing must remain top of mind, especially if your organization is powered by a remote or hybrid workforce. Knowing the basics, like how phishing attacks work and how to prevent the data breaches they cause, can go a long way toward keeping your organization’s data secure.

  2. The Trick Click: Beware the hidden monsters hiding in your emails

    Most commonly, phishing attacks occur through email, and like good Halloween monsters they prey on your fears. Cybercriminals create fabricated scenarios, pretending to be someone they are not, in an attempt to obtain sensitive or valuable data. Like a great Halloween costume, the more authentic the message, the better the reaction, and the more likely the victim is to succumb to the attack.

    Hackers often use recognizable brands to make their emails look legitimate. Emails may appear to be invitations to join a digital platform from another employee, links to perks for new employees, password updates, emails from law enforcement, overdue invoice reminders, or other automated notifications. In 2022, the most frequently impersonated brands in phishing attacks were some of the most trusted: LinkedIn (52%), DHL (14%), Google (7%), Microsoft (6%), and FedEx (6%). The top malicious email attachment types are .doc and .dot, which make up 37 percent; the next highest is .exe at 19.5 percent.

  3. End the Defense Suspense: Fight off phishing attacks from all sides

    To be most effective, IT departments and managed service providers employ a multi-pronged approach to defending against phishing attacks. Beyond traditional firewalls and strong password protocols, at the company level, IT teams might consider the following:

    • Put scanning, monitoring, and blocking tools in place to detect and block malicious DNS requests, as well as block malicious files from making it through the network.
    • Implement endpoint security that destroys malware.
    • Utilize multi-factor authentication to make security breaches through compromised credentials harder to carry out.
    • Deploy phishing “tests” to determine whether or not efforts to educate employees around cybersecurity risks and best practices are effective.

    However, defense against phishing attacks requires vigilance from everyone in an organization. Here are a few tips on how every employee can also help to prevent data breaches through phishing:

    • Starting with the basics, be extremely cautious about clicking links in emails. Even if you know the sender (or it appears that you do), you should hover over a link to preview the URL. However, sometimes, even this can be fabricated to look legitimate, so when in doubt, go to the site through your browser instead.
    • When entering sites, especially where you need to input information, look for the secure “padlock” icon in the URL search field.
    • If your device’s operating system, security software, browsers, or other company platforms are pushing notifications for updates, don’t ignore them. As companies stay on top of cyberattacks by patching "holes" in their security, failing to run updates can put your accounts and devices at greater risk, making you the weak link for hackers.
    • Be very wary of browser pop-ups. If your browser doesn’t already have one, ask your employer’s IT team or managed service provider if they recommend any particular ad blocker.
    • Rotate passwords often and opt to use multi-factor authentication whenever it is available. Sometimes accounts are compromised without your knowledge, so keeping passwords updated can thwart cybercriminals who were holding onto your credentials.

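
The hover check from the first employee tip above can also be run automatically by a mail filter: compare the host a link displays with the host it actually opens. The Python below is an added example, not from the original article or any Milner tooling; the function names and the sample message are constructed, and comparing only the last two host labels is a simplifying assumption.

```python
# Added example: flag links whose visible text names a different host than the href.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def registrable(host):
    # Naive key: last two labels (assumption; production filters use a public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        target = urlsplit(self.href).hostname or ""
        claimed = HOST_IN_TEXT.search(shown)
        if claimed and target and registrable(claimed.group(1)) != registrable(target):
            self.findings.append((shown, target))
        self.href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample body; example.com and example.net are reserved documentation domains.
SAMPLE = (
    '<p>Track your parcel: <a href="https://delivery.example.net/t?id=1">'
    'https://www.example.com/tracking</a></p>'
    '<p><a href="https://www.example.com/help">www.example.com/help</a></p>'
    '<p><a href="https://portal.example.net/">Open the portal</a></p>'
)

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

Only links whose text itself looks like a URL or domain are compared, so a plain "Open the portal" link is not flagged; those still need the manual hover check.
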
  4. Procure the Phishing Lure Cure

    Especially for small and mid-sized businesses, guarding against today’s sophisticated cyber attacks can be a tremendous undertaking. Milner offers IT security solutions to clients in a wide array of geographic regions and sectors, including antivirus and malware protection, installation patches and updates, remote monitoring and remediation, live help desk support 24/7/365, managed detection and response, IT security audits, end user security training, and proactive threat management.

You can never be too sure that your organization’s critical information is safe and secure from what’s lurking in your emails. Contact our managed IT and cybersecurity experts today.
