Phishing: The Cyberthreat That Will Not Go Away

According to cybersecurity company, Proofpoint, “Phishing is when attackers send malicious emails designed to trick people into falling for a scam. The intent is often to get users to reveal financial information, system credentials or other sensitive data.” The term comes from the sport of fishing, where you drop a line in the water hoping to catch a fish. Similarly, you are sending out an email hoping to trick workers into revealing important information by phishing.

Phishing is still a major problem globally and, according to Retruster, has increased by 65% in the last year. Part of its popularity is that it takes very little knowledge to create a phishing scam and steal information. As opposed to, say, hacking a company password, phishing is extremely easy to create and execute. The other reason it is so popular is it works so well. People are used to clicking on emails as part of their job, so they aren’t doing anything that they would not normally do in their day-to-day routine.

How to end phishing attacks

Sadly, there’s no easy answer on how to end phishing attacks. If there were a single program or application, someone would have created it by now. Phishing relies on social engineering and the willingness of workers to trust what they see. That being said, there are effective ways to prevent phishing in your organization, but it does take time and money to establish proper boundaries.

One of the most important things you can do is to educate your employees about phishing scams. Most of the time, for these attacks to work, the employee must be fooled into clicking on the false link. By educating your staff on phishing attacks and what to look for, you create a more knowledgeable workforce who are less likely to be taken advantage of.

Password management

Another useful tool is password management. Making passwords more difficult and changing them more frequently (sometimes called password hygiene) makes it more difficult for someone to steal information and, more importantly, for that information to continue to be useful. If a criminal gets a password that is changed within a few days, the damage they can do is diminished.

Although there are no magic programs, creating a secure email gateway is also a great way to protect your data. Spam filters are notoriously bad at filtering out dangerous emails; however, secure gateways are built with only that purpose in mind. They are much better at detecting false emails and preventing them from getting to your staff in the first place. The best defense against phishing scams ultimately is if your employees never have to encounter them.

Two-factor authorization

Finally, implementing two-factor authorization is also an excellent way to protect your system. This is where an employee needs an extra step of verification beyond their password to access important data. Any barriers you can put between criminals and the data you are trying to protect makes it more difficult to steal from your company.

Conclusion

Phishing is still a genuine threat. Although there are no magical solutions, you can be prepared through education, a more secure email gateway, and establishing good password hygiene practices. If criminals start dropping their lines in the water and don’t get any fish, you can keep them away from your fishing hole.