Our ever-changing cyber security landscape continues to reveal new malicious actors that threaten companies’ security strategies.
What Is Phishing?
Phishing is a social engineering activity that tricks users into giving out sensitive information to cyber criminals via email. It is an elaborate method of preying digitally on people’s emotions: greed, curiosity, or fear. The attackers are pushy, making threats or promises so you’ll respond immediately without thinking.
The emails often look like they come from a trustworthy individual or credible organisation, which is why it’s so tough to identify phishing emails.
Why Are Phishing Emails Harmful?
Phishing is associated with virus infections, ransomware, identity theft, data theft, and plenty of other dangerous ploys. The outside attacker who sends phishing emails can also use your computer to attack your organisation.
Phishing and spam are alike; they’re both unwanted emails. Unlike spam, phishing emails are targeted and deceptive emails sent to you in order to gain information, access, or money. The intent is malicious.
How Can You Protect Against Phishing?
Microsoft, in particular, is uniquely placed to protect against these threats as they process more internet and email traffic than all of the cyber security vendors in the world combined, says Microsoft Solutions Architect Sean O’Farrell (see graph below).
“The first point of defence for any company should be Security Awareness for companies using any cloud services like Exchange Online. It is critical to educate staff on the worrying trend of phishing emails being sent under the guise of software vendor emails and innocent-looking unsolicited spam email,” says Sean.
“A lot of companies have not moved on or embraced advances in messaging technology in terms of domain validation. Traditionally companies use Domain Name Service (DNS) Sender Policy Framework (SPF) records to verify their sender sources but new technologies like Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC) can protect domains from being unsolicited spam and phishing campaigns,” he added.
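The domain-validation records Sean refers to can be checked mechanically. As an added example that is not part of the original article or any Microsoft tooling, the Python below parses SPF and DMARC TXT records and flags the weak settings a defender would look for (a permissive SPF `?all`/`+all`, a missing DMARC record, a `p=none` policy, no reporting address). The domains and TXT values are constructed samples, not live DNS lookups.

```python
# Constructed sample DNS TXT records (hypothetical domains; no real lookups).
SAMPLE_TXT = {
    "weak.example": ["v=spf1 include:_spf.example.net ?all"],
    # weak.example publishes no _dmarc record at all
    "monitor.example": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.monitor.example": ["v=DMARC1; p=none"],
    "hardened.example": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.hardened.example": [
        "v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example; adkim=s; aspf=s"
    ],
}

def parse_spf(records):
    """Return the SPF terms, or None if there is not exactly one SPF record."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return None          # zero or multiple records: receivers treat as absent
    return spf[0].split()[1:]

def parse_dmarc(records):
    """Return the DMARC tags as a dict, or None if no single DMARC record."""
    rec = [r for r in records if r.upper().startswith("V=DMARC1")]
    if len(rec) != 1:
        return None
    tags = {}
    for part in rec[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_domain(domain, txt=SAMPLE_TXT):
    """List the weak-configuration findings for a domain (empty list = hardened)."""
    findings = []
    spf = parse_spf(txt.get(domain, []))
    if spf is None:
        findings.append("SPF: missing or multiple records")
    else:
        final = spf[-1].lower() if spf else ""
        if final in ("all", "+all", "?all"):   # bare 'all' means '+all'
            findings.append(f"SPF: permissive qualifier '{spf[-1]}'")
        elif final not in ("-all", "~all") and not final.startswith("redirect="):
            findings.append("SPF: no terminal 'all' mechanism")
    dmarc = parse_dmarc(txt.get(f"_dmarc.{domain}", []))
    if dmarc is None:
        findings.append("DMARC: record missing")
    else:
        policy = dmarc.get("p", "none").lower()
        if policy != "reject":
            findings.append(f"DMARC: policy 'p={policy}' does not reject spoofed mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no aggregate reporting address (rua)")
    return findings
```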
Yet none of these protections will hold up if your team is not educated on simple security hygiene.
Here are some standard security awareness steps that you can start enforcing today to prevent phishing:
Firstly, this goes without saying: lock your PC, laptop or smartphone when leaving it unattended. It’s natural to walk away from your device at the office without locking it. Don’t. You don’t know who is on-site in your workplace at any given moment. This step should be heavily enforced if you’re off-site and working in a public space.
Emails deserve a hard look. We’re all generally cautious with email, but it pays to be extra cautious. Each part of an email is a decision point, and how you interact with the email is important. Keep in mind: