The digital workplace has benefited us all through faster communications and the ability to do business anywhere the internet can take us, but it’s also brought along new cyber predators working to infiltrate networks and steal sensitive data.
Email fraud rose 80% from the third quarter of 2017 to the third quarter of 2018. (Proofpoint)
Both email fraud and credential phishing attacks, where malware is planted to steal login credentials, rose significantly in 2018 and the trend continues in 2019. Phishing is the number one cause of data breaches and email is used most often (96% of the time) as the delivery method.
As part of our Modern Office IT support, BrainStomp monitors the health and security of business networks 24/7, preventing costly downtime and dangerous data breaches. We work with businesses to beef up their end user security, which is often the last line of defense against network intrusions via spam and phishing emails.
What can you and your team do to protect yourselves from falling into a phishing trap? We’ve got five vital tips below to help keep you safe.
5 Important Tips for End User Security
Hackers use email as their favorite form of attack because it works. Phishing emails have become more sophisticated, mimicking the look of an email from a legitimate company and often employing scare tactics or promises of a sale to cause people to click before they think.
Examples of common phishing tactics employed:
· “Your email account has been compromised, click here now to secure it.”
· “Please find an urgent purchase order attached and send payment details.”
· “We’ve just processed your (non-existent)order for $375.22. Click here to see more.”
But despite the shady tactics used by cybercriminals, you can protect yourself from spam, scams, and phishing attacks by employing end user security best practices.
Hover Before You Click
Phishing emails will often hide the true URL of a malicious site behind linked text. You can’t see what the real URL is until you hover over it with your cursor. Get in the habit of hovering over all links in an email or social media post BEFORE you click on them to see whether they’re taking you to a legitimate site.
In this example below, this phishing email is designed to look just like one from AT&T, but when hovering over the linked text “right here,” the true URL is revealed to be a fake going to a malicious site having nothing to do with AT&T.
Use an Anti-Phishing & Anti-Spam Software
During the course of a hectic day is when users are most vulnerable to accidentally clicking on a phishing link or downloading a malicious attachment. They’re trying to get through their inbox as fast as possible, and their defenses are down.
A good anti-phishing and anti-spam software can help users out by being on the lookout for any dangerous emails and sandbox anything suspicious, protecting your system from a virus infection and alerting you to dangerous spam patterns.
Use Two-Factor Authentication
One of the main pieces of information that malware-laden phishing emails go after are login credentials. If they can plant spyware on your system that records keystrokes, they can gain login access to any number of company applications and access sensitive data.
Two-factor authentication requires a second factor to login beyond just your username/password combination. This is typically a code that’s sent via text message to your phone at the time of login that has to be entered to gain access to the site or application.
This helps thwart hackers that steal your login credentials, because even with that stolen username and password, they won’t be able to get past the two-factor authentication to breach your account.
Keep Software and Operating Systems Updated
The more users you have, the more chance that all workstation computers aren’t being regularly updated for software, firmware, and operating system updates. It’s easy to hit “remind me later” when an update reminder pops up, but this means your system could be missing important security updates that patch vulnerabilities.
Spammers sending phishing emails often exploit these vulnerabilities, just hoping the user hasn’t applied the latest updates. Using an automated or managed method of keeping all systems updated ensures you won’t fall victim to a breach that could’ve been easily avoided.
Be Suspicious & Get a Second Opinion
Often after an employee mistakenly clicks on a phishing link and downloads a virus, they’ll say, “I thought that email looked strange, but I wasn’t sure.”
When it comes to email security, being suspicious of anything in your inbox that’s not both expected and from an email address you know is one of the best ways to avoid becoming a victim.
Some things to question are:
· If the “to” email address line is to “multiple recipients” rather than just to you
· If the sender’s email address is hidden or unknown to you
· If you receive an email you’re not expecting (i.e. a PO from an unknown customer)
· An email that’s trying to elicit an urgent response
· An email with improper grammar or misspellings
When in doubt, it’s always better to get a second opinion from someone else at your office or an IT pro that you have a help desk relationship with before you do anything else. A few minutes double checking a strange email can save you days of trying to recover from a virus infection.
How’s Your Cybersecurity Situation?
If you got hit with a phishing attack tomorrow, would your network and user security protocols hold up? Don’t wonder, get a security review from BrainStomp. We can take a look at your cybersecurity plan and make any needed suggestions to ensure your network safety.
Contact us today to ensure your security at 260-918-3548 or through our contact form.