Email ‘Phishing’ has been around as long as email has been with us. How many of us are old enough to remember emails from ‘Nigerian Princes’ who needed our bank account details in order to help them out, and for which we’d get handsomely rewarded?
‘Spear Phishing’ was the next development, targeting attacks at specific individuals. Most recently we’ve seen ‘Whaling’ take place, where those with the most money are targeted – think company directors and ‘C Suite’ execs.
Fraudsters use phishing for three reasons:
- Financial gain
- Ransomware distribution
- Information gathering
Whatever the reason, be warned that emails can look VERY credible. Yes, we often see emails with dodgy English and graphics, but this is NOT always the case. Use extreme caution whenever you are asked to supply information or click on a link.
And don’t be tempted to react to a request for immediate action – ‘do it now or your account will be closed, etc, etc…’. Urgency is used to scare us into neglecting normal processes.
REMEMBER: 91% of successful data breaches start with a phishing email!
Take a look at our latest video where Rupert gives details of phishing and how you can avoid being caught. Chances are you will have seen at least one of the examples within your own email, probably more!
If you’re in a leadership role, you are responsible for ensuring that recognised email security is in place, which includes:
- Active threat protection
- Link protection
- Restricted access and usage monitoring
- End-user notifications
But responsibility does not end there. Processes need to be established for actioning security AND reporting breaches. Staff need to know the process for reporting a breach but also feel confident to do so – picking up the phone to check that an email request is correct must be seen as the norm rather than a hindrance. The human element of email security needs to include:
- A no-blame culture
Finally, ensure that you take notice of warnings and carry out phishing testing (think fire drill, but for email security). Regrettably, IT Security cannot be ignored – it is vital to any business that wants to remain safe, secure and productive. But the burden need not rest entirely with you – Net Primates offer extensive IT Security plus training, policy advice and testing services.