We've all received those emails from a Nigerian prince who will gladly give you $10,000 if you just help him complete a quick wire transfer. This old trick is so played out that we're all smart enough to avoid it.
But what about the email that looks like it comes from your boss, asking for a routing number, or the security alert about your bank account asking you to confirm your account information?
Phishing has advanced to a complex game that we all need to be aware of, no matter what industry we’re in.
What is Phishing?
Phishing is defined as “the fraudulent practice of sending emails purporting to be from a reputable source in order to induce individuals to reveal personal information,” according to dictionary.com.
Anyone in the world with an email address has been the target of a phishing scam at one time or another.
Symantec has calculated that the average user receives 16 phishing emails per month! And they’re on the rise – according to Wombat Security, 76% of businesses experienced a phishing attack in 2018.
These malicious emails are the most popular form of data theft simply due to their success rate. The truth is, most users are unable to identify phishing emails. This is especially true for more advanced types, like spear phishing, where the emails are personalized for their victims.
It’s not “if” a phishing attempt will occur at your organization, it’s “when.”
Why Phishing Works
In short, everyone should be concerned about phishing.
So why is phishing so successful?
End users! Verizon’s 2018 Data Breach Investigations Report showed that 93% of security incidents are the result of phishing, and this is solely due to end-user behavior.
Phishing attempts are only successful with user interaction. An unopened phishing email is basically harmless. To unleash its destructive capabilities, a human must reply with information or click a malicious link.
Here is a great example of how easy it is to be fooled by a phishing email.
If you’re not paying attention, you may click on the malicious link and infect your entire network.
No doubt about it, lack of phishing training is the weakest point of your organization’s network.
Keep in mind:
- No spam filter will block every single phishing email your business receives
- No anti-virus software will keep your machines safe from the viruses phishing can bring in
- Human error is the cause, and the remedy is better training and preparation
We all must resolve to become more aware of these malicious tactics, and more resilient to falling victim to ever more sophisticated cyber-attacks.
How Can Phishing Be Prevented?
The best security software in the world won’t save you from a well-executed spear phishing campaign.
You’ve got to train your employees on a consistent basis.
There are plenty of articles you can send out in a company-wide email blast about how dangerous phishing can be, but everyone learns better through interaction. Many businesses know this and purchase training software, only to use it inconsistently, yielding no real results.
Ntiva Phishing Prevention Training is an integral part of a layered security approach to relentless cyber security threats, an approach that should also include two-factor authentication. Our program will educate your entire workplace on the dangers of phishing through a personalized 12-month campaign crafted by Ntiva’s own security experts.
If you’re interested in learning more about our Phishing Prevention Training service, download the data sheet below to find out how we can help prepare your entire organization in the fight against the most popular form of cyber-attack today!