Remaining Vigilant: Countering Phishing Threats
As the world of cyber-security continues to develop and become more sophisticated, it remains important to ensure your employees are continuing to practice the most basic of cybersecurity policies. In recent times there has been a noted rise in attempted phishing attacks on businesses, with LinkedIn being the latest big-name company to be exploited for criminal gain.
At Fitzrovia IT we believe prevention is always better than cure, and as such always keep our clients informed of the current threats that could be used to damage their businesses – ensuring they have the necessary tools needed to remain vigilant in the face of cybercrime. It’s imperative to stay up-to-date with the latest cyberthreats and criminal tactics in order to safeguard the future of your business – today we will further discuss how you can protect your business from this current phishing threat.
Current Threats to Your Employees
As highlighted last week, LinkedIn users are currently facing an increased level of attempted phishing attacks; they’re being advised to remain vigilant in recognising suspicious emails purportedly sent from the company, as it has recently become a popular vehicle for cyber criminals. According to research presented by researchers at Checkpoint, 52% of phishing attacks this year attempted to leverage LinkedIn.
Attacks occur when employees interact with seemingly legitimate emails arriving from LinkedIn – if the email recipient is to click the link contained within the email, they’re redirected to a login page designed to appear like LinkedIn. If they enter their credentials into the login portal, their email address and password are sent directly to the cybercriminal, who is then able to access the user’s LinkedIn account.
While this is a fairly basic form of cyber-attack, the guise of legitimacy presented by the criminals’ usage of the LinkedIn name often lulls victims into a false sense of security. Employees may not recognise that they’re about to engage with a phishing email, inputting their credentials and enabling further breaches. Cyber criminals disseminate mass-phishing campaigns as they are basic, easy and effective when sent to unsuspecting users.
Countering the Threat
There a number of basic steps that employees and businesses must take to ensure they are prepared to recognise, prevent or remediate potential phishing attacks. The central elements of anti-phishing policy are; good password hygiene; multi-factor authentication (MFA); anti-virus software; and user-awareness training.
It can’t be iterated enough times just how essential strong password protection and multi factor authentication (MFA) are to your enterprise. Password reuse, single factor authentication and stored passwords in accessible locations are all hugely common mistakes that can be easily amended. Whilst it may feel like the easiest option to reuse memorable passwords across accounts and devices, this is hugely detrimental to online security.
If an employee who reuses passwords across multiple platforms is to fall victim to the latest LinkedIn phishing trap, criminals can then access all of their accounts, compromising the security of the entire business. A simple solution to forgotten passwords is the use of a secure password management app, and the implementation of MFA policy. MFA is a tool that largely removes the threat of password breaches, being a simple a change that can block up to 99.9% of cyber-attacks.
In the case that an employee does engage with a phishing email, it’s essential that their endpoint device and your systems are protected by up-to-date software, fully patched systems and adequate antivirus protection. Updated systems ensure your employees are running watertight programmes, removing the threat of system weaknesses that can be exploited by criminals. Similarly, antivirus protection is essential – as anti-malware programmes can be used to prevent, detect, and remove malware that may have been deployed by the criminal behind the attacks.
The last essential point to consider in your move to tackling phishing attacks, is the utilisation of user-awareness training. With the help of our IT experts, your employees can develop a grounded knowledge of the facets of phishing attacks, developing the necessary skills to protect their credentials and data. There are often a number of small giveaways that can alert the user to the criminality of a phishing email. Common warning signs to look for are messages containing bad spelling, grammar, impersonality, or an email claiming to be urgent that needs to be acted upon immediately.
Using phishing simulations, visual prompts and informative resources, your team can learn how to recognise potential threats and the processes for reporting them to the necessary IT security team. Undoubtedly user training will provide your employees with the most comprehensive understanding of both phishing attacks and the necessity of ironclad cybersecurity policy.
As criminals continue to target businesses in new and advanced ways, they also continue to deploy tried and tested basic methods of criminal deception. The LinkedIn phishing scam we’ve highlighted today may currently be more visible due to its exploitation of a widely recognised and respected company, however phishing attack guises are not solely limited to businesses of this calibre.
If you feel that your employees could benefit from a specialised cybersecurity refresher, or you want to develop your business’ cybersecurity policy, speak to one of our expert team today to discuss how we can move forward together in bolstering your cybersecurity practices.