How Businesses Can Avoid Falling Victim to Phishing Scams
When it comes to phishing scams targeted at businesses, people are often the weakest link in the chain. Phishing scams, which involve hackers tricking unsuspecting users into clicking on malicious URLs or email attachments, are one of the most common types of cyber attack for this very reason.
Hackers use phishing scams to steal information, which they can then use to gain unauthorised access to emails or financial accounts.
A recent study by OpenVPN found that 25% of employees use the same password for everything, while 23% of employees admit to very frequently clicking on links before verifying they lead to a legitimate website.
The study found that businesses tended to focus on external threats, often overlooking the role their own employees play in exposing vulnerabilities from inside an organisation.
Andy Jenkins, Operations Director at Russell Scanlan, said: “Unfortunately, people are the weakest link when it comes to cyber crime, which is why phishing scams are so common - it’s very easy for someone to click on a link they shouldn’t. Meanwhile, hackers are becoming more and more sophisticated.
“Typically, they will send a link on an email which asks for credentials. Once they have breached a company’s firewall they can sit in the system looking for an opportunity to strike and the longer they remain there, the more damage they can do. Once the system is infiltrated hackers can do things like set up rules on an email system to divert information and it’s all done without anyone’s knowledge.
There are a number of ways people can protect themselves against phishing scams. In addition to being cautious of suspicious links or email attachments, people can enable two-form authentication on email accounts, which provides detection if the account is assessed by a new device. Many phishing emails will direct you to pages asking for personal or financial information, but you should never give out such sensitive information over the internet. If in doubt, you can contact the organisation to ask if the email you’ve received is genuine.
Keeping your web browsers up to date and installing firewalls and anti-virus software are important security measures. For businesses, investing in a Cyber Insurance policy will allow you to overcome other problems in the aftermath of a cyber attack, such as legal liabilities and defence, accurate assessment of financial impairment and IT forensics to identify the source of the problem.
Andy said: “There is a lot you can do to avoid cyber crime, but the most important thing is making sure you’re vigilant. Many businesses think it will never happen to them or that their IT department will have it covered, but it’s more common that most people realise. It’s important to make sure you’re doing everything you can do avoid falling victim to it.”
If you have any concerns about the security of your computer systems, contact Russell Scanlan on 0115 947 0032.