In the digital marketplace, it’s no longer enough to be the best there is at what you do. Business owners and entrepreneurs also fight a battle on multiple fronts. They must be ever-changing and evolving to remain relevant and attractive to capricious customers who know just how fickle they can afford to be. They must constantly keep an eye on the competition to ensure that competing brands don’t get an inch of inside track. They must be imaginative and appealing in their marketing efforts. And on top of all this, they must also guard against a variety of cyber security threats.
Of these phishing is one of the most persistent, ever-present and ever-evolving threats. As a responsible business owner, it behoves you to take steps to guard against it!
What is phishing and how big a problem is it?
Imagine someone wearing a mask of your face mugging helpless old ladies in the street. That is, essentially, what phishing is. Phishing and “spoofing” uses an email that looks suspiciously like it was sent from your business but actually contains malicious links and / or attachments. Broadly speaking there are 3 types of phishing;
- Clone Phishing- This is where an exact copy of a legitimate email is sent out to your customers but with a malicious attachment or link.
- Spear Phishing- This is a more focused attempt to target your clientele, attempting to contact a specific person pretending to be you to exploit that trusted connection.
- Whaling- Whaling is where emails posing as law enforcement officials or other authority figures try to threaten your clients into clicking on malicious links.
Needless to say, any of these 3 can be a PR disaster for your brand and undermine the trust that you’ve spent a career building in your customers. As for the extent of the issue and how it affects your business, take a look at these…
Freaky facts and scary stats
As with most cyber security issues we can fall into the trap of assuming that they will never happen to us… Until they do. If you’re still feeling blase about phishing it may worry you to learn that any member of your workforce could click on a malicious link and allow phishing networks to steal their identity and compromise your reputation. In fact;
- Over 65% of companies targeted by email fraudsters had five or more employees’ identities spoofed.
- 53% of all companies were targeted by way of domain spoofing (this is where a slightly varied or misspelled copy of your URL is used.
- 25% of clicks on malicious emails were made within one minute of delivery and 50% were made within an hour.
As you can see, if an employee clicks on a malicious link to a trusted source and gives them vital information this can make your business vulnerable to spoofing or make your network vulnerable to further attacks. Worse still, this can happen within a minute of a malicious email being opened, making it difficult to react to.
Fortifying your weakest link
Are your employees the weak link in your protection against phishing? Are you? In order to protect your network and your reputation it’s imperative that business leaders;
- Have a strict password policy, ensuring that passwords are changed regularly.
- Train and test employees on how to spot phishing emails.
- Have a policy for employees who access the network from their own devices (these represent a huge security weak spot for enterprises).
- Invest in comprehensive cyber security solutions and install regular updates.
When you have the right infrastructure in place and your employees are well informed, your weakest link is fortified and your business is protected from phishing!