Five Tips on How to Protect Your Business Against a Spear Phishing Attack
Hackers have become more skilled than ever and will attack any compromised business. Phishing attacks have become a common security challenge for many companies, with 22% of breaches in 2019 involving phishing according to the Verizon 2020 Data Breach Investigations Report (DBIR).
As spear phishing continues to increase in popularity among hackers, businesses must take the needed steps to protect themselves against the attacks or risk losing money and sensitive information. With the average cost of a phishing attack up to 1.6 million dollars for a mid-size business, phishing can deal a blow to a business that doesn’t put the necessary measures in place against a potential attack.
What is Spear Phishing?
Spear-phishing is a highly targeted form of phishing that involves emails being sent to well-researched targets. This form of social engineering is used to impersonate an individual to trick the recipient into completing the desired action.
Spear phishing is hard to detect because the messages use language that appears normal to detection algorithms and to the targeted victims. Spear phishing that targets high-profile, high-value targets is referred to as whaling.
Tips for Protecting Your Business From Spear-Phishing Attacks
When it comes to targeted attacks, 65% of attacks relied on spear-phishing as their primary vector. Adequate protection from spear-phishing depends on how much effort you put in. Here are steps you can take to protect your business.
1. Educate Your Employees
Conduct security awareness training for your employees on how to spot and identify spear-phishing attacks and what to do about them. Most spear phishers get personal information about their targets from social networks, so encourage your employees to treat emails and social network messages with suspicion.
EVERNET’s Security Awareness Training will help your employees find hackers and their new ways to attack. We’ll also ensure the security awareness training programs are implemented and updated, and employees refreshed annually.
2. Using Security Tools
Your employees can spot many kinds of phishing attempts, but even with training, they cannot consistently detect spear phishing attacks, which can cost you and your business a lot of resources to remedy.
There are security products designed to help you keep the bad guys out. These include:
- Antivirus: It can scan for and detect malware or viruses within an email attachment.
- Firewall and secure web gateways: These ensure even your workers don’t access parts of the web that will place your business security at risk.
- Password managers: Password managers use auto-login and auto-fill technology to analyze web pages before filling in the user’s sensitive information. This means links that lead to spoofed pages needing your employees’ username and password will be detected.
- DMARC technology: It’s an email authentication standard with anti-spoofing built on top of SPF and DKIM that can prevent domain spoofing and brand hijacking.
- Multifactor authentication: This adds an extra layer of security to your systems. The need to input another code or biometrics thwarts many of the attackers.
3. Be Vigilant
Even with security programs to prevent an attack, you need to be vigilant. Monitor your networks for unusual activities. Many network breaches aren’t detected for months, with attackers spending many months accessing all kinds of information that could cripple the business.
Policies on the use of devices holding the company’s information while on public Wi-Fi or new networks should be in place. Employees should use VPNs to avoid leaving company data open to hackers, who can use it to orchestrate a highly sophisticated spear-phishing attack.
4. Take Good Practice Home
Spear phishers often target victims outside work. You and your employees should apply the same awareness, caution, and protection to personal and home networks.
Use strong passwords and set up multifactor authentication on devices or online systems outside work like banking, social media, shopping, and everything in between. Encrypt your phone and computer and secure them with antivirus and anti-malware programs if you use them for business-related activities.
5. Always Verify Requests
Always confirm, by other means, email requests you receive that seem strange. Call the sender to approve the request if you can. Never hesitate to make a call to the sender if the demand in the email is sensitive and can lead to information leaks.
Businesses should always have procedures put in place that one can use to confirm monetary requests before any transaction or exchange.
If there is a shared link in the email that requires you to click, make sure you hover over the link to ensure the link embedded in the hypertext doesn’t lead to a fraudulent website or malicious code. If you can’t see anything wrong with the link, it might be spoofed. If a website is spoofed, which mostly happens with those of financial institutions, give the institution a call to confirm the authenticity of the email and the instructions mentioned in it.
Reduce the Risks
Strengthen your organization’s security defenses by combining technological solutions and business policies to ensure your business doesn’t lose money or sensitive information to cybercriminals.
Contact us today if you want EVERNET’s expertise behind the scenes watching for this sort of activity, which can help you reduce the chances of your business being a victim of spear phishing.
Eric is a Business IT cybersecurity advisor, consultant, manager, integrator, and protector who founded EVERNET in 2007. Eric co-hosts a podcast called “Finance and Technology Insights by Brian & Eric” on YouTube. Eric is a regular contributor to the EVERNET blog, writing about the latest technology news and providing his expertise in cyber security prevention and management.