When it comes to phishing, every day can seem like Halloween for your SMB. You never know what trap is lurking behind each email. And while the fear is real, like most busy professionals, you get dozens of emails a day and don’t have the time to evaluate each one. To get your work done, you may feel like you have to rely on good judgment and hope for the best.
The Boogeyman is Real, But There Are Ways to Stay Safe
Phishing continues to be the most common cause of cyber attacks, according to a recent report from the Identity Theft Resource Center. And nearly half of all businesses targeted in cyber attacks are small businesses. Organizations that use artificial intelligence and machine learning were able to reduce the impact and cost of a breach. We’ll show you what phishing threats look like and how to secure your small business.
Understanding the Threat: What is Phishing?
Phishing is when an attacker sends a misleading message designed to trick you into revealing sensitive information or downloading a malicious attachment. Their intent is to collect your personal information to be able to access your email or bank account, sell your information to other scammers or deploy malicious software on your computer.
Verizon reports that 96% of phishing is delivered via email. Phishing threats use other communication channels, too. When the attack is carried out via text message, it’s called smishing. When carried out via phone, it’s called vishing. The intent is to impersonate a trusted source and encourage the recipient to follow a link, reply with personal information or take an action – like make a payment or transfer funds.
Spear phishing is more focused, as the attacker has researched the target and collected data from social media or other websites. This enables the attacker to send a more personalized message – for example, an email that looks like it’s coming from your manager asking you to purchase gift cards. Roughly 65% of cybercriminals have used spear phishing emails as a part of their attack arsenal.
While four out of 10 cyber attacks start with phishing; when combined with vishing, the threat becomes three times as effective as a classic phishing campaign, according to the IBM Security X-Force Threat Intelligence Index.
Criminals Wear Many Disguises: What to Watch For
Phishing emails look like they are from a company you know and trust like a credit card company or bank, or even a utility company. The message is meant to get you to click on a link or open an attachment. For example:
There’s a problem with your account
They noticed some suspicious activity
You need to confirm some information
Click a link to make a payment
Open an attachment to get freebies
Brands frequently imitated include Microsoft, Apple, Facebook, and Google. It’s not as easy to spot a counterfeit logo as you might think. Buzzfeed has examples of 10 well-known brands and fake logos. Would you be able to spot the fake in an email?
Simple Steps to Help You Stay Safe
Phishing.org provides some useful tips to help your employees avoid becoming a victim of phishing attempts:
Use strong passwords and never use the same one for multiple accounts
Never insert an unknown USB stick into your computer
Use a virtual private network (VPN) on public Wi-Fi networks
Never open unsolicited email attachments you didn’t ask for
Use a secure HTTPS connection when performing transactions online
Automation tools – artificial intelligence (AI) and machine learning (ML) – can help your SMB by analyzing message content and context. AI quickly and accurately identifies potential threats and anomalies and is always watching for warning signals in communications.
DNS filtering is defensive software that protects you and your team from phishing threats by following simple logic: if a website has something potentially dangerous within it, DNS filtering blocks you from visiting it in the first place. It’s a zero-trust solution that leaves nothing to chance.
If It Weren’t for Those Meddling Kids… Judy Essential Thwarts Attacks and Keeps Your Business Secure
AaDya designed Judy specifically to help small and midsize businesses protect themselves from cyber attacks, including phishing. AaDya’s entry-level product, Judy Essential, has the key cybersecurity protection features your business needs in one, easy-to-install package:
DNS filtering: protects users from accessing malicious and suspicious links and websites, including phishing, malware and botnets.
Secure Authentication: ensures authorized access to Judy’s dashboard and password manager. Judy’s passwordless authentication improves security with biometric or PIN authentication via mobile device so users no longer need to remember passwords.
Password Manager: securely stores and encrypts users’ passwords in a private vault for easy access when logging into business applications. Includes password auditing to evaluate password strength so users can proactively improve their security.
Endpoint Detection & Response (EDR): continually monitors users’ devices to detect and respond to cyber threats like ransomware and malware.
While Feeling Safe is Priceless, Judy Makes it Affordable
Judy Essential is available for as little as $14 per user per month. Learn more about how you can get protection from the cyber goblins and peace of mind at a price your business can afford. Sign up for a demo today!