The views and opinions expressed in this article are those of the author and do not necessarily reflect the official opinions, policies, or positions of StreetShares or any of its affiliates.
The invention of the internet paired with email revolutionized business communications. Emails are commonplace in business operations. While email makes business communications easier, it also makes communication less personal.
As a result, it’s easier to fall victim to some email scams, and the results could severely damage your business.
Phishing attacks and spear phishing are two methods of cyberattack that have proven to be alarmingly effective in recent years. Your business is at risk if you don’t take appropriate action. In this article, we’ll look at how both phishing attacks and spear phishing work and explore how you can keep your company safe.
What are phishing and spear phishing?
As we mentioned earlier, communication by email is simply less personal. Here’s what we mean. Since email doesn’t require you to see or speak to the person you are communicating with, it can be difficult to know if you are speaking to the person you think you’re speaking to.
In some cases, the person on the other side of an email message could be completely different from who you think it is. Phishing attacks and spear phishing take advantage of this to trick recipients into giving away valuable information.
What is a phishing attack?
Phishing attacks follow a simple formula. An email is designed to lure the recipient into giving away personal or business information. That could be anything from passwords to bank account numbers to secure login information for your company’s IT network.
Once the cybercriminal has your information, it’s possible to impersonate you. They simply help themselves to your data.
A phishing email is typically designed to look like a legitimate email from a trusted source. That’s part of how they work. You wouldn’t just give out passwords to a stranger, but if you think the email is from someone you trust, you might.
What is spear phishing?
Spear phishing follows the same basic pattern but tends to be more sophisticated. Instead of a generic email from a trusted source, spear phishing emails appear to come from very specific senders. Cybercriminals may even perform extensive research to make a spear phishing email look like the real thing.
For example, you could receive an email that looks like it’s from your managed IT services provider (MSP). It might even follow the same format your MSP follows, down to the text size, colors, logo, contact name, and even an email address that’s very close to the correct email address.
This level of specificity makes the email seem real and has a higher likelihood of success.
How to protect your company from scams
While phishing and spear phishing are pervasive, it’s totally possible to protect your company from these scams. There are several strategies you can use to greatly reduce the chances of your company falling victim to these kinds of cyberattack.
Educate your employees
One of the most effective ways of reducing your company’s risk is to educate your employees. Remember, phishing and spear phishing rely on fooling the email’s recipient. Once your staff understands what these scams look like, they will be able to avoid opening and responding to the wrong emails.
There are even companies you can partner with who provide detailed training on multiple cybercrimes that companies often face. In fact, your MSP may offer help with training. That’s the best place to start.
Employee training can have a dramatic effect on the success rate of phishing and spear phishing scams in corporate environments. The more effective your staff becomes at resisting phishing scams, the less likely you are to suffer a phishing-related security breach.
Limit BYOD policies
As security becomes more effective and smart devices become more expensive, many companies are turning to Bring Your Own Device (BYOD) policies to manage costs. In terms of phishing, BYOD plans make employees’ personal email accounts and other channels prime targets for cybercriminals.
Hackers can use those personal channels to gain access to business resources through personal devices.
To limit this risk, restrict the devices you allow to a specific set of models that your security tooling works on most effectively. Also, limit how those devices are used for business purposes so that there are as few BYOD devices on the network as possible.
Fewer devices mean fewer risks.
Limit access to your company’s social media channels
Phishing scams now target your company’s social media channels as well. Cybercriminals may try to get you to open a file that, once run on your system, copies your entire contact list. Then the criminals can access all of your contacts’ data, not just the company’s data.
To prevent this, limit the number of employees that have admin privileges on your social media channels. The fewer people that have access to your admin controls, the fewer people there are who can open a phishing file while signed in to those controls.
Look for irregularities in communications
Spear phishing scams can be particularly hard to catch when done right. However, all of these scams have one thing in common: they cannot mimic the original source perfectly.
For example, DocuSign branding has been used in attempted phishing scams many times in recent years. But there are always telltale signs, such as a fake domain name that is one letter different from DocuSign’s actual website.
If you can spot the irregularities in these communications, then you can avoid the scams. Start by checking the email address the email comes from, as well as any domains or websites listed. If it does not match a legitimate web presence that you can search for online, then do not open it. It’s likely a scam.
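The sender check described above can be partly automated. The following is an added example, not code from the original article or from any vendor it mentions: it assumes a constructed list of trusted sender domains and flags a From: header whose domain is within one edit of a trusted domain, or whose display name carries a trusted brand while the address itself does not.

```python
import re
from email.utils import parseaddr

# Constructed for this example: domains this (hypothetical) company trusts.
TRUSTED_DOMAINS = {"docusign.com", "docusign.net", "example-msp.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _norm(text: str) -> str:
    """Lowercase and drop anything that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_edits: int = 1) -> str:
    """Return 'trusted', 'lookalike', 'brand-impersonation', 'unknown' or 'malformed'."""
    name, addr = parseaddr(from_header)  # display name vs. the real address
    if "@" not in addr:
        return "malformed"
    domain = addr.rpartition("@")[2].lower()
    # Exact trusted domain, or a subdomain of one (e.g. mail.docusign.com).
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    # The "one letter different" case from the text: a near-miss of a trusted domain.
    if any(levenshtein(domain, good) <= max_edits for good in trusted):
        return "lookalike"
    # Display name shows a trusted brand, but the address is from somewhere else.
    brands = {_norm(good.split(".")[0]) for good in trusted}
    if any(brand in _norm(name) for brand in brands):
        return "brand-impersonation"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    for header in ("DocuSign <dse@docusign.net>", "DocuSign <dse@docusgn.net>",
                   "DocuSign Support <noreply@mail-r4nd0m.example>", "Bob <bob@example.org>"):
        print(f"{classify_sender(header):20} {header}")
```

Anything other than "trusted" is a prompt to verify the sender out of band before acting on the message, not a verdict on its own.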
If you want your company to be safe from phishing and spear phishing scams, then you have to take a proactive approach. There are plenty of strategies you can use to improve your chances of avoiding a scam. And if you feel a bit out of your depth, don’t hesitate to call in a cybersecurity expert to help with everything from educational resources to multi-layered network security.
Katherine Deming, Account Executive at BEI
Katherine came to BEI after serving the FBI for over eight years as a “blue badger” and then as a government contractor with Booz Allen Hamilton. She worked in the Cyber Division supporting HUMINT source validation, executive briefing, and then finally as a Targeter for Cyberterrorism cases. Before joining the FBI she worked in a 20,000 user environment as a Microsoft Exchange Administrator. Katherine received her undergraduate degree from TCU and her Master of Forensics in High Technology Crime Investigation from The George Washington University. Connect with her on Facebook or LinkedIn.
This communication is provided for informational purposes only. It is not intended to be an advertisement, a solicitation, or constitute professional advice, including legal, financial, or tax advice, nor is StreetShares providing advice on any particular situation.