Why Phishing Is A Bigger Problem Than You Think

essidsolutions

People don’t think about phishing emails until there’s a problem, which means that IT professionals need to be more vigilant about reminding them of protocols and preventing the emails from making it to them in the first place.

One in every 99 emails is a phishing attempt, which adds up to 4.8 phishing emails per employee per week. Unfortunately, many businesses don’t realize the frequency of these emails and rely only on the virus scanning software built into their email programs, if anything at all. This can lead to costly data breaches, which cost businesses worldwide $5 billion between 2013 and 2016. What can be done to prevent these costly data breaches?

Why Data Breaches Happen

Humans are the weakest link in the prevention of data breaches, and any safeguards have to be built to account for human error. An astounding 30% of phishing emails make it past standard security measures, and 5% are whitelisted by a system administrator. What’s more, phishing attacks increased by 65% between 2016 and 2017, so more of these attacks are making it into employees’ inboxes.

Many of the most successful phishing attacks play to our natural fears and sense of urgency. “Grievance Filed” is one of the most successful ways to get an unsuspecting person to click on a link or open an email, because fears about job security ignite our desire to fight to clear our reputations. “Open Enrollment” is another way to play into a sense of urgency, because if you don’t enroll in health insurance during the open enrollment period, you miss your opportunity for the rest of the year. Warnings of threats to our health and well-being as well as our jobs and careers spur us to action, and hackers know this.

Why Data Breaches Are So Costly

About two minutes after a phishing email is sent, a hacker will have access to a network if the attempt is successful. This access is often not detected right away, giving the hacker plenty of time to steal and destroy whatever they are after. If a victim clicks on a malicious link, it can download malware, or if they end up on a fraudulent website, that website could collect the user’s personal information, including banking and credit card numbers, passwords, social security numbers, and more. The longer a hacker has access, the more damage they can do, and they often hold information for ransom for an even bigger payoff.

What Can Be Done?

Training people to be on the lookout for malicious emails is priority number one for many IT departments. While it may seem obvious, many people who don’t work in IT just don’t think about it on a regular basis. Something as simple as sending out a monthly reminder email can go a long way.

But keeping in mind that humans are the weakest link, more can be done to protect a company from phishing attacks. Running additional software to detect phishing and malware attacks can save the company money and hassle in the long run.