This blogpost will help you gain a footing in the cybersecurity world by enhancing your awareness regarding phishing emails, which are the most common way that accounts and networks are compromised.
IT Cybersecurity Starts with You
IT cybersecurity is in your hands. Of course, you will still need an MSP or MSSP to manage all the tools at your disposal as well as to maintain your network compliance and security. And while there may seem to be innumerable choices to be made regarding which links to click on, sites to access, or wireless networks to join, the simple fact is that all these options begin with a choice that you have: you have control over where you go online and what you click on. In fact, over 90% of cyberattacks begin right where you are.
Finding Fishy Phishing Emails
A fishy email comes in from your boss and you get a weird feeling about it. It simply states, “I need you to make a purchase for the company. I’m in a meeting right now, but need you to email me back to confirm that you got this.” Or it might say, “I have an important request i need you to hand immediately. Kindly confirm your availability.”
Your boss, CEO, or company president has never emailed you like this before. You might even feel a surge of exhilaration, being asked to do something so important and so urgent.
But the fact is, it’s a phishing email, and this particular kind is known as a business email compromise (BEC), since your boss’s email account has been compromised in this case. A phishing email is one in which a bad actor emails you while pretending to be someone else, oftentimes someone important in your organization, with an urgent request. The request will usually be simple and the spelling or grammar will usually be poor. It will seem as if time were of the essence and as if, should you fail to respond or do something right away, the company will implode and it will all be your fault. There may also be links to click on or attachments, such as zip files, to download. Additionally, if you look closely at the email address, oftentimes it will not be something recognizable or it will be different from the legitimate email address of the purported sender.
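The warning signs listed above can also be checked automatically. The following is an added example, not part of the original post: a short Python function that reads one raw email and reports which of those signs it contains. The sample message, the `example.*` addresses, and the staff directory are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message; the example.* domains are placeholders.
SAMPLE = """\
From: "Pat Boss" <pat.boss@example.net>
To: you@example.com
Subject: Request
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

I have an important request i need you to hand immediately.
Kindly confirm your availability. http://example.net/invoice
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""
# Hypothetical staff directory: display name -> legitimate address.
DIRECTORY = {"pat boss": "pat.boss@example.com"}
URGENCY = re.compile(r"\b(urgent|immediately|right now|right away|kindly confirm)\b", re.I)

def phishing_indicators(raw, directory=DIRECTORY):
    """Return the warning signs from the paragraph above that appear in one raw email."""
    msg = message_from_string(raw)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    known = directory.get(name.strip().lower())
    if known and addr.lower() != known:
        found.append("sender-address-mismatch")  # familiar name, unfamiliar address
    for part in msg.walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            found.append("zip-attachment")
        elif part.get_content_type() == "text/plain" and not filename:
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if URGENCY.search(body):
                found.append("urgent-wording")
            if re.search(r"https?://", body, re.I):
                found.append("contains-link")
    return found

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message that trips several of these checks at once is a good candidate for the phone call or face-to-face confirmation described under "How to Protect Yourself."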
One of the most common ways that bad actors gain access to a network or account is through phishing emails. Well over 80% of organizations have reported being attacked by phishing email schemes. Since over 99% of organizations in the U.S. are small to medium-sized businesses (SMBs), and there are about 33.2 million SMBs in the U.S. alone, that means that nearly 27 million SMBs have been attacked by phishing emails.
How to Protect Yourself
So, how do you protect yourself against phishing email attacks? Simply put: you don’t bite.
When a phishing email attack occurs, it will require that you click on a link or open a file attachment. What you simply need to do is delete the email and directly contact the person who has been impersonated to notify them of the attack. You may also report it to the U.S. Federal Trade Commission.
Contacting the supposed sender of a fishy phishing email by calling them on their direct line or talking to them directly face-to-face is probably the best way to curb a phishing attack. You may also try to email them at their actual email address, but that, too, may be compromised, so that all their emails are redirected to the hacker’s account. The best way, then, is to make a direct connection, either by voice over the phone or in person, face-to-face.
Other Tips on How to Protect Yourself against Cyberthreats
- Implement the use of strong password phrases that are not personal to you, but also easy for you to remember. An example is u$3@p@$$phr@z3thati$comp1ex. Additionally, a password manager is very useful for managing passwords and password phrases.
- Utilize security software on your computer and make sure to update it regularly to deal with any new security threats.
- Update software regularly, if not automatically, so that applications are up-to-date with the latest bug fixes as well as the latest protections against potential cybersecurity threats.
- Use multi-factor authentication to verify your access to accounts.
- Back up your data regularly and on an external hard drive or in the cloud.
You don’t have to go it alone!
Your business isn’t just a way to generate income: it’s also your livelihood and your way of connecting with and contributing to the world around you. You employ your staff not just to have seats warmed in the office or the keys of keyboards typed on: you employ staff to join you on the vision of your journey to accomplish some good in the world. We are here to help keep your mission and vision going; we help secure your network so as to mitigate the risk of running a business in today’s world of cybernetworks.
While you are on the front line against cyberattacks and cyberthreats, we are right there with you, providing you with the tools and protection as well as the support you need to thrive in today’s cyber environments. You are in control of whether you click on a link or reply to a fishy email. You can relax in the peace of mind that just because a phishing email comes your way, it doesn’t automatically mean that you’ve doomed your company: you can delete a phishing attack email; you can report it; you can contact the supposed sender; you can contact us. We’re here to help!