According to the Verizon 2021 Data Breach Investigations Report, phishing attacks are responsible for the vast majority of breaches via social engineering. The sophistication and frequency of these attacks have increased year over year as well, making it difficult to spot a phishing email. How often are you asked to click on unsolicited links in a normal email? Not very often. Simply put: when in doubt, check it out.
Here are a few ways to avoid a phishing attack:
- Look before you click. There are several telltale signs of a phishing email. Look at the email address of the sender. If it looks “phishy,” it probably is. Beware of specific background information that may have been gleaned from other sources and put together, sometimes awkwardly, so that the message seems written specifically for you. If the sender is asking for something “urgently” or “right away,” they are likely trying to solicit your personal information or credentials. Finally, hover over the link in the email to see where it actually leads. If the website is not authentic, do not click the link. Remember, financial institutions typically don’t ask you to verify your personal information, so if someone is asking for that, it’s likely a phishing attempt.
- Utilize spam filtering services. Today’s spam solutions are sophisticated enough to filter out any suspicious emails. Spam filtering services block any unknown senders or foreign domain emails before they get to your inbox. You can approve domains and senders in your quarantine folder so that the filtering service will allow those emails to come to you in the future.
- Use a Next-Generation Firewall (NGFW). An NGFW is a “smart” firewall that offers multi-layer protection in your network. The firewall analyzes the traffic that comes into the network and blocks any potentially harmful sites your users may attempt to access. The firewall can help eliminate security gaps while simplifying policies across your infrastructure and the cloud.
- Inform your IT administrator of suspicious emails. It is best practice to notify your IT administrator or team when you receive a suspicious email. If the email got through spam filters, your IT team can take steps to block the domain and sender. They can also alert other users of the potential phishing attempt.
- Conduct annual security training with your employees. Educating your users is the best way to prevent any breach or attack. Conducting annual security training allows you to test and train your team on your organization’s security policies and procedures. Consider adding a series of phishing tests to your next training with your team.
Threat actors will continue to attempt to phish personal information or credentials from your users. By implementing some or all of the suggestions above, you’re making it harder for them to do so. For more information on the solutions outlined above, contact us today.