Phishing is a type of cyber-attack that relies on email. The attacker devises a message that convinces the recipient to download an attachment, click a link, go to a web page, or fill out a form. In an attempt to gain trust, the sender’s email address may appear to belong to someone known to the recipient, such as a colleague at work, or to a government agency or a reputable company the person has done business with.
What’s at Risk When You Click
Whatever the case, the true intent of the email is to trigger the download of malware onto the unsuspecting person’s computer. The purpose of the malware varies. It might scan other systems on the network to collect sensitive information, use the systems to launch attacks on other companies, or encrypt files on connected computers until a Bitcoin ransom is paid for the decryption key.
When malware strikes, it can do serious damage to an organization’s ability to continue doing business, as well as to its reputation, market position, and stock price. A data breach caused by malware can trigger fines by regulatory agencies, plus class-action litigation and restitution to customers harmed by the sloppy handling of their personal information.
Antivirus software, firewalls and intrusion detection systems may not always protect your organization from phishing attacks. In fact, unsuspecting employees continue to be the weak link that can render even the most elaborate and expensive cyber security systems useless.
Next Steps
All this points to the need to train employees to become more aware of what they are doing online. That means pointing out the dangers lurking in seemingly routine emails and helping employees assess the potential ramifications of carelessness for the company and for their jobs.
Such training should cover how to recognize a phishing attack, remind employees to steer clear of clicking links in social media pages, and alert them to be suspicious of conversations and transactions initiated by others.
Training should be reinforced periodically and tested with simulated phishing emails to check how employees respond. The results can be used for determining the need for follow-up training and for assessing the organization’s overall security posture.
If your company doesn’t have this kind of expertise, MABC has partnered with KnowBe4 – a leader in best-in-class phishing simulation and training. Their programs help your employees make smarter security decisions that will better protect your business from real and emerging social engineering threats.
Don’t let a phishing attack catch your people off guard… Start security awareness training now. Contact MABC today at: Portsmouth (757) 673-2200 or Richmond (804) 273-6500.