are business technology revenue at risk
The scope of the damage that can be caused to businesses by a single poor decision to click on a link or email attachment is a risk that keeps technology and business leaders on edge. The global impact of cybersecurity is massive, with projections showing upwards of $6 trillion in damages by 2021 — a number that’s expected to continue climbing.

While encouraging users to create more secure passwords and protecting your WiFi networks are vital to the safety of your organization, there are thousands of actions a day by users that could potentially trigger an attack.

The US government is promoting a theme for 2019 Cybersecurity Awareness of “Own IT. Secure IT. Protect IT.”, illustrating the importance of engaging users early and often in the fight against cybercrime.

October is Cybersecurity Awareness Month

Every year, technology professionals look forward to October as an opportunity to raise awareness about the various challenges associated with cybersecurity. In 2019, there is a significant focus on ransomware and other malware as well as phishing emails with recent studies showing a 269% increase in email-based attacks in the past three months alone. There are three primary types of business email compromise (BEC) attacks:

  • Emails that are attempting to install software on your personal computer or business servers. These are delivered as masked links or as seemingly-innocent attachments to an email. Train staff members to “hover” their mouse over links within emails to be sure they are going to a legitimate website before clicking and to be wary of all attachments — even those from a trusted source.
  • Request emails that purport to be from either trusted vendors or internal staff members, often giving details about making a purchase or changing how a large invoice is to be paid. You can help staff spot this type of fraud by requiring a secondary method of approval for high-dollar transfers or payments to vendors. This could mean creating a process that requires a phone call or text message interaction to confirm an email-based request.
  • Account compromise or takeover attacks, where clicking a link to a fraudulent website prompts users for personal information or to log in to “their account”. These websites then capture the username and passwords entered and use them to infiltrate personal or business accounts. Coach employees to never click links asking for personal information, even from trusted sources. Instead, navigate to a web browser and type in the URL directly into the search engine to ensure you are on a legitimate website.

Preventing Phishing and Whaling Attacks

preventing phishing and whaling attacks
The best defense against cybercriminals that are out there phishing for information about your business is to get aggressive about enhancing your network security. IT security services professionals have access to enterprise-scale solutions that would be too expensive for individual organizations to license and implement without support. These proactive software solutions and services create a 360-degree network of security around your business, including:

  • Around the clock monitoring by humans as well as machine-based scans
  • Advanced antivirus, anti-malware software and firewalls
  • Email and website content filtering
  • Ongoing cybersecurity training and testing for staff members
  • Progressive access monitoring, including multi-factor authentication
  • Cutting-edge solutions that include machine learning and AI

A combination of active and passive techniques are a great baseline for cybersecurity, but user education is likely to be the most effective deterrent against phishing threats.

Even if technical solutions can filter out or block 95% of the attacks, even a single click from a single user is enough to cause your business significant problems. Creating processes and procedures for vendor payments, defining active cybersecurity strategies and ongoing training will help protect your business on an ongoing basis. Want to learn more about best practices for staying safe online? Contact the wizards at Data Magic Computer Services at 469-213-6508 to see how we’re working with business in the Dallas Fort Worth area to create next-generation cybersecurity strategies that provide holistic protection against phishing attacks and other cyber threats.