According to the FBI, ransomware payments for 2016 are expected to hit a billion dollars; this is up from $24 million paid in 2015. IT security is nothing new to professionals, but never have organizations and people been subjected to fraud at such a high density as they are today (and will continue to be in the future). The digital world is growing quickly, and the number of sophisticated attacks will grow with it. According to Wombat Security’s 2016 State of the Phish report, 4 out of 5 organizations have experienced phishing attacks, and the frequency of those attacks is increasing.
In a recent study by IBM, 70 percent of executives said their company has paid to resolve an attack, with half of them paying over $10,000 and 20 percent paying over $40,000. Many people say they wouldn’t pay, but what happens when it comes to your business-critical information such as financial records, customers’ records, intellectual property or business plans?
More and more cyber-criminals are using phishing attacks to spread dangerous malware and ransomware because phishing messages are easy to disguise from users. A phishing attack is an attempt to obtain sensitive information (and, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Any organization, big or small, can be targeted for a phishing attack. Attackers spread the messages via mass email campaigns because even a small success rate over a large number of attempts will still generate profit.
It is so important to stop these phishing attacks before they start. Preventing losses starts and ends with the support of your organization’s users. To do this, users must understand what habits they need to learn to detect risky emails.
Below is a list of good email habits that users should follow to become more vigilant:
Double check before you click
Hover over any links in an email to see the destination of the URL before you click. Many times, attackers will hide links in email text behind calls to action like “click here to confirm”, “fill out this form” or “click here for more information”. If you are not familiar with the link’s destination, don’t click.
Verify with the sender if you’re unsure about an email
Many times phishers will grab a list of executives and target company employees by impersonating those executives. If the email seems out of the ordinary, check with the sender to confirm the legitimacy of the email.
Most phishing emails will contain spelling errors, vague requests, misleading headlines or have weird groups of people in the “to” sections. If anything seems suspicious or misleading, check with IT first before downloading attachments.
Avoid sending confidential information over email
It is best practice not to send confidential information over email. Information that hackers might ask for includes passwords, W-2s or banking information. If you get an email with these requests, talk to a member of IT before pushing send.
Minimize personal information online
If a phishing attack is targeted, hackers will often gather personal information from online sources to make the messaging sound a bit more personal and believable. Make sure you aren’t posting phone numbers or anything else that a phisher can use to impersonate you or use against you.
Never enable macros
Phishers like to hide malware in Microsoft Office macros. They will hide the malware code in an Office document so it looks harmless. Once you enable macros, the malware becomes activated and infects your computer.
Enable endpoint security software
Unfortunately, the truth is that you can never be 100% secure. No matter how many tools or tactics you learn, if there is a will there’s a way and a hacker will be able to get in. Your organization should have endpoint security software on your machines that will catch and stop malware before the damage is done.
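The “Double check before you click” habit can also be checked automatically. The following is an added example, not code from NetServe365: it lists every link in an HTML email body with its real destination and flags links whose visible text names a different host or uses the call-to-action wording quoted above. The class and function names, the phrase list and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Call-to-action wording quoted in the article; extend for your own mail flow.
CTA_PHRASES = ("click here", "fill out this form")

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_of(text):
    """Hostname if the visible text itself looks like a URL or bare domain, else None."""
    if not re.match(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", text, re.I):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname

def review_links(html_body):
    """One finding per link: what the reader sees, where it goes, and why to pause."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        dest, shown, reasons = urlparse(href).hostname or "", host_of(text), []
        if shown and shown != dest:
            reasons.append(f"text shows {shown} but link goes to {dest}")
        if any(phrase in text.lower() for phrase in CTA_PHRASES):
            reasons.append("call-to-action text hides the destination")
        findings.append({"text": text, "destination": dest, "reasons": reasons})
    return findings

# Constructed sample body (not from a real message); hosts use reserved test names.
SAMPLE = """<p><a href="http://login.example-mail.test/reset">Click here to confirm</a>
or visit <a href="http://203.0.113.7/portal">www.example.com</a>.
Help: <a href="https://www.example.com/help">www.example.com/help</a></p>"""

for finding in review_links(SAMPLE):
    print(finding)
```

The host comparison is exact, so a link shown as example.com that goes to www.example.com is also flagged; treat findings as prompts to verify with the sender or IT, not as verdicts.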
NetServe365 is a Pittsburgh-based managed services provider that has core competencies in 24/7 Network and Server Monitoring and Management, Cloud Computing, IT Consulting, and Managed Security. Contact us today for a free consultation on how our security services can protect your organization.