Protect Company Email from Phishing Scams

Email messaging is a mainstay of the modern era. Businesses rely on email every day for communication. Yet in a twist of irony, 85% of all emails are considered spam, not useful for communication at all. While some spam is merely an inconvenience, other spam messages hide a dangerous attack within.  Of the 14.5 billion spam messages sent every day, at least 3 billion of them are phishing emails designed to steal personal information. While phishing can wear many disguises, the ultimate goal never changes. A successful phishing catch can be devastating; phishing attacks and USA Crime have become big business in their own right.

Phishing rarely stops at stealing personal information. Instead, phishing creates the opening needed for a more complex cyberattack to launch on its victim’s software.  More than half of all phishing emails contain malware. Ransomware attacks are also on the rise, with 184 million incidents per year. Due to the global nature of the digital landscape and the difficulty inherent in prosecuting cybercriminals, cybercrime grows more lucrative by the year. 

No one can assume their safety from cybercrime, not even big businesses. Just recently, a cyberattack locked down Colonial Pipeline’s digital equipment. The resulting supply line disruption led to a massive gas panic in the United States. The Kaseya ransomware attack hurt 1,500 customers through its use of zero-days. Size and resources are not sufficient protection against cybercrime.

Yet while larger businesses may still be targeted by cybercrime, they are more likely to survive a cyber attack than their smaller counterparts. If a small business is hit with ransomware, it can take between 2 and 6 weeks for their systems to recover. Many companies cannot operate normally during this time.  In addition to lost time, phishing attacks are a customer relations nightmare.  Customers must be notified if their data has been compromised. Many consumers punish companies incapable of keeping their data safe by taking their business elsewhere. Between lost weeks and lost customers, it’s no wonder over 60% of small businesses close their doors forever in the 6 months following a phishing attack. The cost of lost business is higher than any initial ransom.

Businesses of all sizes have an interest in defending themselves. How can they fight back against phishing schemes? One policy worth implementing is limiting who has access to what information in a company. Only 5% of companies have protected documents and folders. Over half have 1,000+ sensitive files available for all workers to see. That means if one employee is compromised by a phishing scheme, no matter how low level they are, the whole company is at risk.

Naturally, companies should also train their employees to recognize phishing schemes for what they are. 19.8% of employees click phishing links when tested. It only takes one to put the whole company in danger. Despite phishing being a risk for all businesses, only 57% offer regular cybersecurity training.  Training may not be foolproof, but a link not clicked is a catastrophe avoided.  Every employee should keep an eye out for security discrepancies. Many attacks are too advanced for regular protection programs, and a majority of businesses rely on 3rd parties for IT support.

Another place to look for evidence of phishing attacks is in company invoices and payments. 54% of attacks involve credential harvesting, which can then be used to commit invoice fraud. Of all the ways to steal from a company, invoice fraud is one of the most insidious. Put a stop to suspicious payments before they bankrupt your business!

Finally, invest in email security programs. 43% of small businesses lack a cybersecurity plan. You go unprotected at your own risk. As cyber attacks grow more advanced, so too does the software created to stop them. Advances in AI technology are preventing 50% more attacks from ever reaching inboxes. The best program misses only 5.1 malicious emails out of 100,000 emails delivered.  While email security programs do not eliminate the need for human vigilance, they do reduce the amount of time workers waste sorting through their inbox.  New programs are also compatible with cloud email and connected operations, blocking all entrances for phishers.

Learn more about whether or not your emails are safe through the visual deep dive below:

How Safe Are Your Emails? [infographic]
Courtesy of Avanan