Combatting Cybersecurity Risks - Phishing

Regardless of the industry your organization operates in, research has shown that since 2019, small business cyber breaches have increased a whopping 424% year over year! 90% of cyber attacks began with a phishing email. Phishing is a cyber attack in which attackers disguise themselves as trustworthy entities to deceive individuals into divulging sensitive information, such as login credentials, financial details or personal data. There are various types of phishing attacks:

  • Email Phishing: This is the most common form of phishing in which attackers send fraudulent emails that appear to come from legitimate sources, often containing links to fake websites or malicious attachments.

  • Spear Phishing: Targeted attacks aimed at specific individuals or organizations, where attackers use personalized information to make the phishing attempt more convincing.

  • Whaling: A form of spear phishing that targets high-profile individuals such as C-suite staff or other key employees within an organization.

  • Smishing (SMS Phishing): Phishing attacks conducted through text messages, attempting to trick recipients into providing personal information or clicking malicious links.

How to React to Phishing

Phishing emails or texts usually have certain suspicious indicators, such as generic greetings, spelling errors, urgent or threatening language, mismatched email addresses, and unexpected attachments or links. Always verify requests for sensitive information or financial transactions through a secondary communication method, such as a phone call to the requester. If you suspect a phishing attempt, do not click on any links or download attachments. Immediately report it to your IT Team for further investigation and action. If you believe you have clicked on a phishing link or provided sensitive information, disconnect from the computer network and inform your IT Team to minimize the damage.
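Several of the indicators listed above can be checked automatically when a reported message is triaged. The following Python code is an added example, not part of the original article: the function names, word lists and sample message are constructed for illustration, and spelling errors are not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Word lists are short constructed samples, not a complete filter.
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client|account holder)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def domain(header):
    """Domain of the address in a From or Reply-To header value ('' if absent)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """List which indicators from the paragraph above appear in a raw message."""
    msg, found, text = message_from_string(raw), [], ""
    for part in msg.walk():
        if part.get_filename():  # every attachment is listed; a person judges "unexpected"
            found.append("attachment: " + part.get_filename())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += data.decode(part.get_content_charset() or "utf-8", "replace")
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != sender:  # replies would go to a different domain
        found.append(f"mismatched addresses: From {sender}, Reply-To {reply}")
    if GENERIC.search(text):
        found.append("generic greeting")
    if URGENT.search(text):
        found.append("urgent or threatening language")
    for href_host, label in LINK.findall(text):
        shown = HOST.search(label)
        if shown and shown.group(1).lower() != href_host.lower():  # text names another site
            found.append(f"link shows {shown.group(1)} but opens {href_host}")
    return found

# Constructed sample message using reserved example domains, not a real email.
SAMPLE = """\
From: "Payroll Team" <payroll@example.com>
Reply-To: payroll@example.net
Content-Type: text/html; charset="utf-8"

<p>Dear customer, your account will be suspended unless you act immediately.</p>
<p><a href="http://login.example.org/verify">https://portal.example.com/login</a></p>
"""

if __name__ == "__main__":
    print(*phishing_indicators(SAMPLE), sep="\n")
```

A hit is a reason to verify the request through a secondary communication method, as described above; a message with no hits is not proven safe.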

Phishing Prevention Best Practices

  • Training and awareness: Regularly train staff on how to recognize and respond to phishing attempts. Conduct simulated phishing exercises to reinforce awareness.

  • Email filtering and security software: Implement robust email filtering solutions to detect and block phishing emails before they reach your staff's inboxes.

  • Multi-Factor Authentication: Enable it to add an extra layer of security, making it harder for attackers to gain access even if credentials are compromised.
