Intellectual Property, Information Technology & Cybersecurity

How to Protect Your Business from Phishing Attacks

I’m willing to bet that you or someone at your company has already been the victim of a phishing attack. With email surpassing in-person and telephone conversations, particularly now that everyone is working remotely, email has become the preferred attack vector for many criminal organizations. So, I feel pretty confident that the odds are in my favor for winning the bet. Let’s take a look at what phishing is, how it’s done, why it’s done, and what you can do to keep yourself, your employees, and your company safe.

In fact, email-related cyber-attacks have been on the rise year after year, with the United Nations reporting a 600% increase in malicious emails during the COVID-19 pandemic. Threat actors have taken notice that employees are more vulnerable to cyber-attacks while working from home, as some of the security controls implemented in the workplace are not available at the individual computer level.

What is phishing?

According to the US Cybersecurity & Infrastructure Security Agency (CISA), phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual.

It’s scary how easy it is to fall victim to these attacks. There are two common phishing methods. One entails the victim clicking on a link that takes them to a fraudulent website or landing page that looks legitimate. The attacker uses the page to steal usernames and passwords, personally identifiable information (PII), and credit card numbers, among other information. The second commonly used technique is to attach a file to the email that installs malware on the victim’s computer when opened. Attackers then use this malware to gain remote access to the victim’s computer. They can then use that access to pivot to other systems in the network or to steal documents and other information from the compromised system.
