One click on a dangerous link and without realising it, you are one step closer to giving hackers access to your company’s IT systems, bank details or other personal information…..
This type of cyberattack is called phishing and it’s hard to spot the difference between a phishing email and a totally authentic one. That's often why it's the smartest, most conscientious people in a business who are targeted and fall prey to cyber criminals - they care enough to act on emails and then click bad links without realising.
Unfortunately due to the COVID-19 pandemic, 2020 has seen a huge growth in phishing attacks as more people have had to work from home. In the six weeks after the first lockdown began in March, attacks specifically targeting home-workers rose by an incredible 500%, (The Guardian), whilst over one third of UK SMEs were hit by successful phishing attacks (Capterra). In the same time period, Google reported blocking around 18 million COVID-19 phishing emails and another 240 million coronavirus spam emails every day.
Frightening statistics and there are many more like this.
So what is phishing?
At its simplest, phishing is where a hacker tries to gain access to your computer systems, bank details or other sensitive information by sending you an email pretending to be from someone else. For example, it could be in the guise of a supplier sending an invoice or an email from another colleague or customer asking for payment or personal details. From a personal perspective, it could mimic your bank, a shopping outlet or a friend of a friend.
You then click on the link or open the attachment or reply to the email, and within an instant the phisher has you ‘on the hook’. From there they will attempt to extract money or information depending on their motives.
Nearly 90% of cyber breaches happen because of human error.
It can happen to anyone - well meaning, hard-working people who make a silly mistake when they are not fully concentrating on what they’re doing. Therefore, most phishing attacks tend to occur in late afternoon when eyes are off the ball. At work, this poses a huge risk to the business as well as to you personally.
So, if like most businesses you currently have the majority of your staff working from home or working remotely what can you do to keep your employees and data secure?
At Net Technical Solutions we take IT security very seriously and see these types of attacks all the time. As part of our suite of cyber security services, we offer Phishing Awareness Training to help make you aware of where your vulnerabilities lie. In our experience, this is as equally effective as having antivirus, spam filtering or a firewall.
Each month at a random point, we will send out a fake phishing email to your staff members. The email may have links to click or attachments to open, all completely harmless and spoofed to look as if they are from LinkedIn, Facebook, HMRC, Microsoft etc. We will monitor which members of staff open emails, click on links and open attachments, then report back to you and deliver training to these members of staff in the form of short snippets, Q & As and videos to enhance their awareness.
From now until the end of December 2020, we can provide your company with a FREE BASELINE TEST to show you what your threat posture is and see how many of your users are identified as high risk.
To understand more about this type of cyberattack, we have produced a free guide on phishing which tells you what to look out for and what you need to know….and yes, you can safely hover over the link and see it goes to our secure website resources page!
For further information or to request a FREE BASELINE TEST, please contact your Net Technical Account Manager on 01252 235 235 who will be happy to advise you.