At Biscuit, we have experience dealing with all kinds of cyber-attacks, everything from viruses to sophisticated site-wide attacks. One of the most dangerous threats that businesses now face comes from phishing attacks. These attacks are usually facilitated by user error and have increased dramatically since more people started to work from home.
The thing about phishing attacks is that they are mostly preventable if your team remains properly informed. The damage that they do is immense though.
75% of organisations around the world experienced a phishing attack in the past year and 22% of all data breaches are caused by them. In total, $1.8 billion was lost to phishing attacks in the past year, with the majority of victims being small or medium-sized enterprises. The average attack costs $80,000 to recover from. These stats sound scary, and they are, but businesses can prevent them from happening with minimal stress.
Here’s our guide on how to train your team on how to spot a phishing attack and the ways to avoid them.
What a phishing attack looks like
90% of businesses claim that they carry out some form of training to prevent phishing attacks. This isn’t true, but it’s easier to implement this training than you might think. 95% of phishing attacks are sent via email, so your inbox is the perfect place to start training.
Spotting a fraudulent email is all about knowing what to look for. There are some clever scammers out there, but most have some tell-tale signs that your team can easily identify.
Generally, fraudulent mail will be from addresses that are full of strings of letters and random numbers. To provide themselves with a sense of authenticity, cyber-criminals start their email with the name of an established company. A very common example is this email header:
Google Pay: Payment sent
If you take a closer look at the address that sent this email, it will not be one ending with @google.com. Instead, it could be anything from a string of letters or numbers to something similar, like @goggle.com.
Most phishing emails also feature a link; this is their way of accessing your details. The destination of this link will usually be displayed, or can be shown if you hover over it with your cursor. Once again, if this link doesn’t end in google.com, or in the expected address of whoever claims to be sending you the email, don’t click it.
Finally, check the content of the email. If the email mentions passwords, payments or security details, be very wary. Bear in mind the disclaimer below from Google’s website; most large companies have a very similar policy:
“Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link. If you’re asked to share sensitive information, it’s probably an attempt to steal your information.”
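The three checks above (sender address, link destination, email content) can also be run automatically. The following is an added example, not part of the original guide; the brand-to-domain table, the keyword list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: a small table of brand names and the domain each one really uses.
BRAND_DOMAINS = {"google": "google.com"}
SENSITIVE = ("password", "payment", "security details")

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it.
    A plain endswith(domain) would also accept unrelated hosts that
    merely end in the same letters."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_email):
    """Return a list of warning signs found in a plain-text email."""
    msg = message_from_string(raw_email)
    display, address = parseaddr(msg.get("From", ""))
    claimed = (display + " " + msg.get("Subject", "")).lower()
    body = msg.get_payload()
    sender_host = address.rpartition("@")[2]
    signs = []
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # the email does not claim to come from this brand
        if not belongs_to(sender_host, domain):
            signs.append(f"sender domain {sender_host} is not {domain}")
        for url in re.findall(r"https?://[^\s<>]+", body):
            host = urlparse(url).hostname or ""
            if not belongs_to(host, domain):
                signs.append(f"link goes to {host}, not {domain}")
    hits = [word for word in SENSITIVE if word in body.lower()]
    if hits:
        signs.append("mentions " + ", ".join(hits))
    return signs

# Constructed sample message, modelled on the header discussed above.
SAMPLE = """\
From: Google Pay <billing@goggle.com>
Subject: Google Pay: Payment sent

Your payment was sent. Confirm your password here:
http://google.com.account-check.example/login
"""

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE):
        print("WARNING:", sign)
```

The From line of an email can itself be forged, so a clean result here only means these visible signs are absent.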
How to prevent fraudulent content from appearing in the first place
These tips should help your team to avoid the vast majority of phishing attacks, but it only takes one individual error to compromise your data. Therefore, we believe it is more important to stop these emails from arriving altogether. Thankfully, we know how to get this sorted.
Small to medium-sized businesses are considered easy targets by cyber-criminals. This is because they don’t have the infrastructure to effectively respond to an attack. The solution to this issue is a managed IT service.
This essentially equips SMEs with their own personal IT team, trained in cyber-security, who can implement the right processes to protect their business. One of the tools that they use is a specialised email security filter.
Our systems scan all incoming emails, blocking unwanted spam and phishing attempts from ever reaching your inbox. This can spot even the most sophisticated phishing attempt, so you don’t have to.
We can also provide a full technical training course for your staff, complete with cyber-security procedures. This guarantees that you’re fully up to date with the latest security procedures, and we can tailor each training course to the technology that your team uses every day.
Finally, if the worst happens and a cyber-attack does hit your business, our backup and disaster recovery service can make sure that your data can be restored in case it is compromised. This service is here to provide you with full peace of mind.
We’re here to help
Overall, the risk of phishing attacks is huge, but manageable. With the right IT management, your team can work at their best safely and securely on any device and in any environment. At Biscuit, we aim to keep teams safe proactively, not reactively. That’s why we place a large emphasis on services like spam filters and training that prevent issues from arising in the first place.