What is phishing – and what can you do to avoid it?

There have been several recent cases of local companies falling prey to phishing attacks in which their email has been hacked with potentially devastating consequences.

The problems have encompassed fake emails from directors being sent to multiple accounts, and false invoices being paid.

The reality is that the problems and the associated loss of time, money and reputation would probably not have happened had the parties involved had the right security measures in place. Here, we run through some potential avoidable security risks – and what you can do to minimise them.

What is phishing

According to a report from late 2019, 75% of executives said phishing emails are among their biggest security concerns. The same report said these decision makers claim training is among the best ways of dealing with the menace of phishing. Yet the report adds that 60% receive training less often than once a quarter, meaning not everyone may be up to speed with current developments.

Essentially, with this cybercrime, victims are emailed, phoned or sent a text message. Someone poses as a legitimate organisation to persuade people to hand over sensitive information like passwords or banking or credit card details. Ultimately, phishing can lead to identity theft plus hefty financial loss.

At Snapchat, for example, a spam email to staff purporting to be from the CEO asked for payroll data, which one staff member then disclosed.

Tactics include lucrative offers that seem (and are) too good to be true, messages which create a sense of urgency, for example telling you only have a short while to respond, or hyperlinks purporting to be to popular websites, but with a single letter misspelt.

Phishing emails are among the most common types of security breaches. And, unfortunately, they’re becoming increasingly complex and convincing.

Data breaches

These involve the release of secure information to an untrusted environment. In recent years, hotel chain Marriott, online marketplace eBay and US retailer Target are among the big names to have experienced serious data breaches.

Ransomware

This is malicious software which can block access to a computer system until money is paid out. This disrupts operations, prevents a business from accessing its information; and it can take a lot of money and time to restore data. Then there is the damage to reputation as well.

Malware

This is software which can damage devices, steal information and generally cause disruption. Malware comes in many forms, from viruses to spyware and Trojans.

What you can do

A 2017 Government survey found that nearly half (46%) of UK businesses had identified at least one breach of cyber security. In 2016, the figure was just under a quarter (24%).

In 2020 the fifth annual Cyber Security Breaches Survey revealed that the extent of cyber security threats has not diminished and that, instead, cyber attacks have evolved and become more frequent.

Among this 46% of businesses that identified breaches or attacks in the last 12 months, more are experiencing these issues at least once a week in 2020 (32% v. 22% in 2017).

The nature of cyber attacks has also changed since 2017. Over this period, there has been, among those identifying any breaches or attacks, a rise in businesses experiencing phishing attacks (from 72% to 86%).

So the threat to staff, customers and others you’re in contact with is very real.

Here are some of the things you can do:

• Make sure staff can identify a spam email and don’t open attachments from unknown senders, or any which are unexpected.
• Ensure everyone changes their passwords at least twice a year, with passwords involving numbers, symbols and case sensitivity. Not even a colleague should know your own password.
• Limit staff access to sensitive information to those who really need it – and remember to cease access when someone leaves your organisation.
• Conduct frequent audits and tests to give yourself peace of mind about your cybersecurity and that your data is safe.
• Clearly all necessary anti-malware and antivirus software needs to be in place on your system, alongside firewalls.
• An information security management system (ISMS) manages all your security processes in a single location, affordably and consistently.
• Check in often with online accounts, even if you don’t really need to, to stop someone from doing what they want with it.
• Keep browsers up to date – once you get an update, download and install it.
• Consider Cyber Essentials Certification – an easy way for businesses to check their set up is secure and re-assure their own customers. Download our easy Cyber Essentials Checklist
• Finally, you may want to consider having ad blockers on all machines.

How we can help

At Epoq IT, we forge long-term working relationships with businesses so that their IT systems make them stable, competitive and able to grow. We can help you, too, with a complete solution for your IT, including cast-iron cybersecurity.

Learn more about our award-winning IT support and consultancy services today