It's NCSAM! That means we want to get the word out about some of the most common methods hackers use to target people! And phishing is for sure a hacker's most effective tool. It is their primary method of stealing information and gaining access to devices and networks. We have talked about phishing a lot in the past, and that is cause everyone must understand what it is and how to avoid it. The best way to fight phishing attacks is to educate people on identifying and avoiding them.
The most important aspect of defending yourself from phishing is to be suspicious of and properly investigate every email you interact with. A few key details and inconsistencies usually will give away phishing attacks. First off, never click on a link without first checking where it leads, which can be done by either hovering over the link or right-clicking it to copy the link address, which can be pasted in a text area and read. Similarly, never open an email attachment or start a download unless you are absolutely sure that it is what it claims to be. If you ever receive an email you were not expecting (which is one of the most common methods of phishing attacks), make sure to scrutinize the sender's address, as it probably will not be what you would expect. When in doubt, contact the sender via another means, but do not use the email, phone number, or website mentioned in that email, as that would be controlled by the person who sent the phishing email in the first place.
Most phishing attacks attempt to instill a sense of urgency in order to get you to act without looking too deep and discovering their deceit for what it is. So, of course, when you see something is made out to be urgent, scrutinize it; proper phishing protection requires a careful review of what you are interacting with to determine its legitimacy. Acting quickly may result in you downloading malware which could then be used to take down the entire company, possibly costing thousands if not millions of dollars.
Also, doesn't it seem like certain people at a company get targeted more than others? Well, there is a reason for that... Some employees may have higher permissions levels than others, meaning if their account were to be compromised, a hacker would be able to do a lot more! This is called spear-phishing and it is why executives, HR, and IT managers get targeted more.
Cyber attacks will always be a problem as long as they are profitable, but if everyone could protect themselves, cybercriminals would significantly decrease. The more we can protect ourselves from hackers and cybercriminals, the less power they will have.
We highly recommend you get our Cybersecurity Essentials for Business Owners to understand the state of cybersecurity in today's climate.
You can also check out the cybersecurity self-assessment, where you can see if your network is up to par! We help you find the holes in your company's network, and we'll even help you audit your network if you want to go through the assessment with us!
Remember: Do Your Part. #BeCyberSmart.