Today, email is a vital method of communication. Ironically, most of the emails people receive today aren’t intended to communicate anything. A whopping 85% of all emails are considered spam. While some spam is just an annoyance, spam is also the place where dangerous attacks hide.
Phishing emails intent on stealing the recipient’s personal information come in many disguises, all of which could appear harmless at first. At least 3 billion phishing emails are sent every day, though more could be going unreported.
A Deeper Dive Into Phishing
Phishing doesn’t stop after stealing personal information. Instead, phishing is often the opening salvo of a more concentrated cyber attack. More than half of all phishing emails contain malware designed to harm your computer in the hopes of extracting a ransom. Because it operates globally and is difficult to prosecute, cybercrime grows more lucrative every year.
Because cybercrime is so widespread, no one can rightly assume they won’t be targeted. Ransomware attacks have hit everyone from private individuals to big businesses. Attacks on big businesses are the ones that dominate the headlines. When a ransomware cyber attack locked down Colonial Pipeline’s digital equipment, the United States suffered a massive gas panic. The Kaseya ransomware attack infiltrated up to 1,500 of Kaseya’s customers. No one is too big for cybercriminals to target.
If large corporations can’t rely on their size and resources for safety, what hope do small businesses have? It can take between 2 and 6 weeks for a small business to recover from ransomware. Because businesses are required to notify customers of data breaches, customers know which companies failed to protect their personal information. Many take steps to protect themselves from future harm by shopping somewhere else. Losing customers this way is a massive hit for business: even 4% abnormal customer attrition results in over $5 million lost. Taken together, it’s no wonder that more than 60% of small businesses close permanently in the 6 months following a successful phishing attack.
How to Fight Back
How can companies fight back against phishing? The first thing they need to do is establish an employee training program. Over 80% of scams rely on human error to accomplish their goals. While training is not infallible, every phishing link not clicked is a crisis averted on the company’s end. Next, companies ought to verify all invoices and payments.
Over half of phishing attacks involve credential harvesting, which could allow criminals to steal from a business using invoice fraud. To prevent this, use invoice automation to remove as much of the human factor from invoicing as possible. This way you’ll be able to minimize accounts receivable and accounts payable fraud.
Finally, invest in email security programs while keeping a human eye out for discrepancies. Right now, 43% of small businesses lack a cybersecurity plan, at their own risk. Humans can’t catch every security flaw, and default filtering can’t either: 25% of phishing emails can bypass default security. Advanced AI is working to keep malicious emails out of inboxes, but a few slip through the cracks regardless.
Courtesy of Avanan