Protecting Your Business from Phishing Attacks – Where to Start

As a trusted technology partner, we talk a lot about cyber security and the importance of making sure that your business is protected against cyber-attacks and the actions of bad actors. Ransomware, viruses, and other types of malware leave lasting effects, often causing loss of time, productivity, and money, and sometimes the loss of the business entirely.

One of the most common and easiest ways that bad actors can gain access to your network and your data is through phishing. In our next three blog articles, we’ll discuss what exactly phishing is and go in depth about decreasing your exposure and increasing your awareness, helping you to prepare for and avoid the inevitable phishing scam that enters your inbox!

What is this phishing thing anyway?

Phishing is an industry term for an email that claims to be from a legitimate source that you do business with. The email is sent to fool you into giving the sender your account information.

A common example is an email that appears to come from your credit card company asking you to verify your account information. You click the link in the email and are presented with a sign-in page that looks just like your credit card company’s website. However, once you enter your username and password, you’ve just handed an attacker access to your account. Attackers try the same thing with emails pretending to be from Amazon, your bank, and even Microsoft or Google.

The attackers are fishing for your credentials in the hope of gaining access to your account. From there, depending on what type of account they’ve breached, they may immediately try to profit. In the case of your Amazon account, they can start by placing several orders using your saved payment information. With your email account, they can also lie in wait. The bad actor will simply monitor it for a time in the hope of either netting a bigger fish or using your email account to gain access to other places where you use that same username.

How do I protect myself?

Bad news first. There is no method that will 100% protect you against phishing, short of not using the internet. That’s right, we said it. There is also no foolproof product you can buy or service you can subscribe to that will provide you with 100% protection.

Does that mean that you shouldn’t buy an email filtering product or service? Does that mean you shouldn’t buy security products or services to protect yourself?

No, that’s not what we’re saying at all. There are a lot of good security products and services out there that can help to protect you. The most effective way to stay secure is to use multiple products to form several layers of protection. But at the end of the day, your security is no better than your weakest layer.

What is the weakest layer of any security implementation? It’s the human layer.

We (and our employees) are our own worst enemy. All it takes is one mistake, one moment of inattention, and even the most competent and tech-savvy person can easily fall for a phishing scam. That’s what attackers are counting on.

A quote from a panel of cyber security experts at the CYBERSEC Global conference in 2020 sums it up nicely: “Cyber attackers have a huge advantage over defenders because they have few rules to live by and only need to be successful one time out of 100, whereas defenders must be successful every time.”

What can you do to protect yourself? There are a few simple steps you can take that will dramatically decrease the chances of falling for a phishing scam. These steps fit into one of two categories: 1.) decreasing your exposure, and 2.) maintaining and increasing your awareness.

The Decrease & the Increase Explained

In technical circles, decreasing your exposure is also called limiting your attack surface. The idea is that the fewer methods you give someone to attack you, the less likely you are to be attacked. You are probably already implementing this in your everyday life without even thinking about it: locking your car each time you park it, locking your house when you leave, avoiding dark alleyways when walking alone at night, setting the extra lock on your motel room door. These are all things you likely already do to decrease your exposure to theft and physical harm. What we hope to teach you are techniques you can use to accomplish the same type of protection online.

Then there is maintaining and increasing your awareness. This is simply about paying attention to what is going on around you. If you are walking alone at night, you are more than likely paying a lot more attention to your surroundings than if you are walking with a group of friends in broad daylight. Your own experiences and those you read about in the news have taught you what to watch out for in situations like these. Learning from others’ mishaps is how you continue to increase your awareness. It should be no different when it comes to how you conduct yourself on the internet: learn from the attacks others have suffered and the mistakes others have made so that you don’t have to suffer from those same kinds of mistakes.

What’s Next?

In the next two blog posts we’re going to take more time to explore these two approaches to cyber security and phishing protection. We’ll discuss tips and tricks, as well as tools you can deploy to keep your network, data, and employees safe. We hope you’ll follow along!
