The stats don’t lie. Phishing attacks account for 49% of cybercrime, making them by far the biggest threat to your company’s cyber security. And even the big players aren’t safe – Google Docs users were hit by a large-scale phishing scam just this year. With 66% of small businesses reporting that they’ve suffered from a digital security breach, phishing is a threat that must be taken very seriously by companies large and small.
What are phishing attacks, and why are they so dangerous?
As cyber security experts know only too well, phishing is a scam in which messages that appear to come from trusted organizations do two things: request sensitive or valuable online data, such as user credentials or payment details, and get malicious software installed on an employee’s workstation, giving an attacker access to an internal network.
We sign in and out of trusted services and receive emails as employees on a daily basis, so it’s no great surprise that many users don’t always check their legitimacy – and this is exactly why phishing attacks are so often successful. By mimicking recognized brands or emails from fellow employees, phishers are easily able to fool some users into believing that they’re safe, when in fact they’re giving away personal data and network access that can be used against them – or in many cases, the company where they work.
While for an individual, falling prey to a phishing scam can be inconvenient, perhaps even infuriating, it can have devastating consequences for a company. Losing payment information can result in significant financial losses, as can an attacker gaining access to, and eventually free rein over, an internal network. Login details falling into the wrong hands can result in a loss of sensitive or valuable data, or even customers’ personal information, which can result in huge legal costs, significant outlay for disaster recovery and business continuity, and a PR nightmare that could well be impossible to recover from.
How can you protect your company from phishing attacks?
There are two scenarios you might need to keep yourself safe from – staff falling for a phishing email, and your customers getting caught out by phishers who persuade them that they’re signing into your services when in fact they’re giving away their login data.
The latter generally applies to high-profile companies with large user bases – like Google Docs, whose users were recently caught out by an intricate phishing scam that used their existing email contacts to trick them into giving away their login details. If you fall into this category, you can warn customers about the risks of phishing, inform them of what your communications will look like and which data you will and will not request from them, identify attempted scams early so you can minimize damage, and freeze accounts that may have already been compromised.