Email is a communication tool that we all rely on every day, which is why it’s the favorite attack vector for many cybercriminals. Instead of devising sophisticated hacking methods, attackers are finding it easier to simply trick your employees into handing over sensitive business information. This ruse is called phishing.
They perpetrate their scam by pretending to be your bank or a law enforcement agency. In some instances, they pose as customers or a representative from a website that you use.
In the fake emails they send, attackers will often claim that your account has been suspended and that you have to log in and update your password for the suspension to be lifted. In reality, you’re just giving them your password on a silver platter.
In other cases, scammers will bait you into downloading malicious attachments by attaching fake receipts for a purchase you never made. The intention is to infect your computer with a keylogger so they can monitor and record everything you type on your computer, including usernames and passwords.
The attackers then exploit the information they collect to empty your account or commit identity fraud.
According to a phishing study by ThreatSim, 18 percent of fake emails containing malicious links and attachments are opened, and their attachments downloaded, in the workplace. This could have a significant effect on your business and your company’s reputation, especially if the employee who takes the bait is the same person in charge of your company’s finances or sensitive customer information.
The scheme works because most employees are unaware of what phishing is, how it works, and the impact it could have on the company and its customers.
But by educating and evaluating your employees constantly, you could mitigate your risks, if not eliminate them altogether. Here’s a 3-step approach that you can implement today.
Assess how vulnerable your company and your employees are
Do your employees know what a phishing attack is? Do they know what to look out for in emails, phone calls, and text messages? Do they know what to do if they receive a potential phishing message? By conducting assessments and mock attacks, you will be able to determine which employees are most vulnerable and identify the factors that caused them to take the bait.
Train your employees regularly
Knowledge is key in combating online fraud, but it’s not enough. With the volume of emails your employees receive on a daily basis, it’s easy to be complacent and miss red flags even if your workers have been trained to spot them. That's why you should reinforce their learning by conducting regular training as well as doing random simulated attacks. Note, however, that mock attacks must be handled professionally and in a sensitive manner to avoid embarrassing employees.
Establish a response and reporting protocol
If an employee receives an email that they think contains a malicious attachment, should they delete it outright? What if it’s a legitimate message from a customer or a supplier? By issuing a clear set of guidelines for handling and reporting suspicious emails, you make it easier for everyone to comply with your data protection policy without sacrificing productivity.
While there is no 100% protection against email scams, educating your employees and conducting regular evaluations of your company’s potential vulnerabilities is an effective way of limiting your exposure. And by adding logical access control to your company’s computers and internal network, you increase security as well as accountability.
To find out about how you can utilize smart cards to monitor and control access to your company workstations, speak with our smart card experts at 1-800-667-1772. Calls are toll-free. You can also send your inquiries via email.