One of the most basic forms of network infiltration comes via an email disguised as legitimate, aka a phishing email. If a hacker gets an unsuspecting user with network credentials to download a malicious file from an attachment or website link, they can often sneak past certain network security.
Phishing is one of the biggest dangers that investment firms and other organizations face when it comes to cybersecurity because it directly targets individual computer users. All it takes is a single person to be fooled by a fake email and the whole network can be breached.
Triada Networks provides computer security and compliance support to asset management and financial services firms in the New York City and New Jersey area. We’re often called in to beef up network security in the aftermath of a data breach, and many of them are initiated by phishing emails. We couple multi-layered security with staff training to keep our clients protected against phishing attacks and keep their data secure.
Phishing is so dangerous because, along with social engineering, it’s responsible for about 90 percent of data breaches. Many of the major attacks you’ve read about all started from an unsuspecting user clicking on a fake phishing email. It was a spear phishing attack that was responsible for that now infamous data breach at the Democratic National Convention in 2016.
Financial services firms are particularly prime targets of cybercrime due to the financial data their networks transmit and receive daily.
76% of data security breaches are financially motivated. (Forbes)
So, what can a company do to protect against this ongoing cybersecurity threat? We’ve got our best tips next for training your staff to recognize and avoid falling victim to phishing attacks.
First, let’s take a look at the main types of phishing you’ll want to watch out for.
What are the Different Types of Phishing Attacks?
All phishing attacks are deceptive and designed to trick the email or message recipient into trusting them enough to download an attachment or click on a link that contains a malicious script. This allows the hacker to breach the network and gain access to financial information, corporate secrets, or information that can be used for blackmail or be sold on the dark web.
The three main types of phishing attacks are:
General Phishing: Hackers send out millions of phishing emails, not targeting any individual in particular, to see what they can catch. The goal is to gain access to login credentials, financial data, or control of a system.
Spear Phishing: This type of attack is more targeted and typically targets individuals at a particular organization that the hacker wants to breach. The hacker may do research on individuals that allows them to craft phishing emails that look more legitimate to the user.
Whaling: Whaling is similar to spear phishing in that specific user targets are chosen, but these are typically users like CEOs or CTOs that have login credentials to more of a company’s sensitive data assets.
Use These Tips to Thwart a Phishing Attack at Your Company
A combination of training and good security practices can help you avoid falling victim to a phishing attack and costly data breach. Following these commonsense tips can end up saving you big time.
Conduct Ongoing User Training
Just emailing your staff a PDF on phishing isn’t quite enough to give them the cybersecurity training they need to avoid falling victim. Ensure they receive ongoing training on the following key user defenses:
- Pause before reacting to an email (especially one using urgency as a trap)
- Hover over links in emails before clicking them to reveal the true URL
- Don’t download any attachments you aren’t expecting
- Ask your IT support team if you are unsure if an email is legit, before clicking on anything
- Make others in your organization aware of any phishing emails you receive, so they can watch out for them
Use Good Password Security Protocols
Do you have a system in place to help your team choose strong passwords, or do they just choose their own? Reusing the same password for every login is a common security mistake, and combined with a weak password it makes it easy for hackers to get into multiple systems. Make sure your staff are using good password security.
Use Anti-Phishing Software
Not all IT security software is designed to prevent phishing, but software that is can help your users avoid a click that invites a data breach. At Triada Networks we work with IRONSCALES because it’s the only anti-phishing software that combines human intelligence with machine learning to prevent, detect, and automatically respond to the sophisticated phishing attacks being launched daily.
Key features offered by this software include:
- InMail phishing alerts
- Sender reputation scoring
- Inbox behavioral analysis
- Similarity checks
- Real-time email scanning
Utilize Browser-based Security
There are a couple of ways that you can stay protected against phishing email links to malicious websites that download scripts onto your computer.
First, have users keep their browser updated with the latest security patches. Just like software and apps, browsers are often updated to close security loopholes that have been exploited by hackers.
Second, install an anti-phishing toolbar. Many popular browsers offer this protection, which runs checks on the sites you’re visiting and warns you if one is a known phishing site.
Request Your Free Security Scorecard Today!
Wondering if your network security is fully protecting your business from a data breach? Triada Networks offers free consultations with a comprehensive security scorecard and customized proposal.
Don’t let that next phishing email cause your network to be hacked. Schedule your consultation online or by calling us at 201-297-7778.