Those organizations that you might assume are the most secure suffer from the same weakness as every other company: a lack of basic security knowledge. Even those on the campaign trail, despite rampant political hacking attempts, are failing to address email security. The topic of cybersecurity is heard but not addressed, and even where the rules for keeping personal and professional information secure are understood, they are not taken seriously. When 90% of cyberattacks now begin with a phishing campaign, it’s clear that hackers have noticed as well. Email security is not being prioritized, and data breaches are a common result.
Phishing attacks are hard to identify.
Ongoing training is critical for everyone within an organization because phishing attacks are becoming more advanced every day. An employee may not think twice about a request to update a password for a commonly used website, or to submit private information to what appears to be a vendor. Employees blindly trust that an antivirus program will weed out the spam in their digital mailboxes, without considering that an email that reaches the inbox could still be a phishing attack.
The two most common types of phishing attacks:
- Mass phishing – Although hackers are fond of specific targets, mass emails are still sent company-wide. It only takes one employee to offer credentials or click a link for the attack to succeed.
- Spear phishing – This cyberattack targets individuals or specific groups of people who hold the information the attacker wants. The attempt looks legitimate because the message is likely relevant and tailored to the intended recipient.
Preventing phishing attacks starts with best security practices.
Educating staff is essential to stopping phishing attacks, and it needs to be more than a brief presentation or a handout. Cybersecurity training should be comprehensive and provided on a regular basis, to communicate updates and to repeat these reminders about best practices:
- Secure personal information – Do not use the same password on multiple devices or at multiple sites, including personal networks. Hackers can target specific individuals and mine networks like social media for information. Passwords should be complex and changed periodically, and two-factor authentication should be enabled wherever it is offered.
- Use available malware and virus protection programs – If work devices are asking for updates, make sure employees are not ignoring the prompts. Also encourage employees to secure their personal devices, and provide accessible security options. Employees who incorporate best security practices into their personal lives are more likely to follow them at work.
- Use secure networks only – It can be tempting for employees to sign in quickly to an office network from home, even if it is only to innocently check an email. Unsecured access, however, can give hackers the opening they need to infiltrate otherwise secure networks.
- Be aware of threats – Train employees to be suspicious of emails requesting private information, such as credit card details. If an email demands immediate action, a moment should be taken to confirm the request. Nothing is so urgent that your employees can’t take the time to verify a request with a supervisor.
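The warning signs listed above (a request for private information, pressure to act immediately, a prompt to "update" a password, a message posing as a vendor) can be turned into a simple triage check that flags messages for the verification step the text recommends. The following is an added example, not code from the original post or from thinkCSC; the sample messages are constructed, and the indicator phrases and scoring weights are assumptions chosen for illustration rather than a vetted rule set.

```python
import re
from dataclasses import dataclass, field

# Indicator phrases drawn from the warning signs in the text. The weights are
# assumed values for illustration; a real deployment would tune them on
# observed mail.
INDICATORS = {
    "requests_private_info": (
        re.compile(r"\b(credit card|card number|social security|ssn|password)\b", re.I), 3),
    "urgency": (
        re.compile(r"\b(immediately|urgent|within 24 hours|right away|act now)\b", re.I), 2),
    "password_update_prompt": (
        re.compile(r"\b(update|reset|verify) your (password|account|credentials)\b", re.I), 3),
    "vendor_payment_request": (
        re.compile(r"\b(invoice|wire transfer|payment details|bank details)\b", re.I), 2),
}

# Score at or above this threshold means "verify with a supervisor before acting".
VERIFY_THRESHOLD = 4


@dataclass
class TriageResult:
    score: int
    hits: list = field(default_factory=list)
    display_name_mismatch: bool = False

    @property
    def needs_verification(self) -> bool:
        return self.score >= VERIFY_THRESHOLD


def display_name_mismatch(from_header: str, trusted_domains: set) -> bool:
    """True when the From header's display name claims a trusted organisation
    but the actual address domain is not one of the trusted domains."""
    m = re.match(r'\s*"?([^"<]*)"?\s*<([^>]+)>', from_header)
    if not m:
        return False
    name, address = m.group(1).strip(), m.group(2).strip()
    domain = address.rsplit("@", 1)[-1].lower()
    claims_trusted = any(d.split(".")[0] in name.lower() for d in trusted_domains)
    return claims_trusted and domain not in trusted_domains


def triage(subject: str, body: str, from_header: str, trusted_domains: set) -> TriageResult:
    """Score one message against the indicators and return the result."""
    text = f"{subject}\n{body}"
    result = TriageResult(score=0)
    for name, (pattern, weight) in INDICATORS.items():
        if pattern.search(text):
            result.hits.append(name)
            result.score += weight
    if display_name_mismatch(from_header, trusted_domains):
        result.display_name_mismatch = True
        result.score += 3
    return result


# Constructed sample messages (not real mail) illustrating each warning sign.
SAMPLES = [
    {"subject": "Action required: update your password",
     "body": "Your mailbox will be locked. Update your password immediately.",
     "from": '"IT Helpdesk" <helpdesk@example-mail-notice.test>'},
    {"subject": "Invoice 4471 overdue",
     "body": "Please send updated bank details within 24 hours to avoid penalties.",
     "from": '"Acme Supplies" <billing@acme-supplies-billing.test>'},
    {"subject": "Lunch on Thursday?",
     "body": "Team lunch is at noon, let me know if you can make it.",
     "from": '"Pat Lee" <pat.lee@acme.test>'},
]

TRUSTED = {"acme.test"}


def run_samples():
    """Triage every constructed sample; returns (needs_verification flags)."""
    return [triage(s["subject"], s["body"], s["from"], TRUSTED).needs_verification
            for s in SAMPLES]


if __name__ == "__main__":
    for s, flag in zip(SAMPLES, run_samples()):
        print(f"{'VERIFY ' if flag else 'ok     '} {s['subject']}")
```

The check is deliberately conservative: it does not decide that a message is malicious, it only decides whether the employee should pause and confirm the request through a second channel, which is exactly the habit the training reminders aim to build. The display-name test catches the "appears to be a vendor" case by comparing the name an email claims against the domain it was actually sent from.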
Your employees can be your biggest risk, but they can also become your strongest defense against phishing attacks. Knowledge is the first step in preventing data breaches, and by educating employees regularly you can establish a culture of best security practices. Download the thinkCSC email security guide to get started.