Workplace malware protection tools may not always succeed. That's why it is important to try and avoid the risks by following a few simple guidelines.
Email phishing spreads malware when a recipient clicks on a call-to-action or link in an unsolicited email. If your employees are duped, the consequences can be devastating for your business, customers, and reputation.
Cybercrime has become more sophisticated, with cybercriminals exploiting vulnerabilities on a large scale. One in two organisations has experienced a successful cyber attack in the past three years, and 82% of organisations don't expect this situation to ease up in the next year.
The risk of cyber security attacks has increased in recent years. Three in four security professionals state that their organisation's cyber risk has increased due to AI, geopolitics, and remote work.
There are no fool-proof methods to prevent phishing. But you can reduce the risk by installing anti-phishing tools and making your employees aware of the risks.
It may seem obvious, but both at home and at work, the first line of defence against attacks is the software on your network or device.
That's not just the anti-malware software but also security patches for your operating system, windows and any packages you use. It takes seconds to keep it updated and mitigate the consequences of any mistake you might make.
The US Federal Trade Commission reported a spike in email phishing related to the COVID-19 pandemic. A report from Digital Shadows found scammers posing as well-known and reputable organisations - including the World Health Organization and the Centers for Disease Control and Prevention.
If you receive an email from a recognised brand (such as a bank, utility, shopping or tech firm), be sceptical if it asks you to click a link to provide your personal information or passwords.
Make sure the domain in both the sender's email address and any links matches that of the actual site, as you would find it via a search engine. Hover your mouse over the link and the email address to check that the real destination and sender match the text displayed.
Avoid sharing your position, job title, location, company and even age on social media (with the obvious exception of sites like LinkedIn and Workplace).
It can make you more susceptible as scammers can use it to make their emails more credible (e.g. "Hey, I work with Julie in Accounts at X").
A recent report shows that one in three users click on harmful content in phishing emails, with one in two proceeding to enter sensitive information.
Familiarise yourself with how colleagues and suppliers communicate with you. It will help you to recognise their personal style in terms of the words and phrases they use, their usual sign-off, etc. This can help you detect impersonators.
In the UK, individuals were targeted by Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures'. The scale of attacks prompted the National Cyber Security Centre (part of GCHQ) to step in and automatically remove malicious sites that served phishing and malware.
If you are suspicious of an email, then forward it to your IT team. It allows them to investigate and, if necessary, both block the sender and warn your colleagues.
Remember, don't open the email or click on any links. But if you do, tell your IT team immediately so that they can mitigate any consequences.
If you receive an email from a generic address, e.g. customerservice@, help@, hr@, itsupport@, or payroll@, always be suspicious. If they ask for any personal information, check the sender's identity before responding - even if that means calling them to check!
Be wary of generic greetings (e.g. Dear Customer, User, Colleague, Friend).
If it sounds too good to be true, it usually is. If it sounds too bad to be true, it usually is. Cybercriminals are experts at fabricating extraordinary situations that they can exploit to their advantage.