Company Phishing Trip

In a previous blog post we broke down what exactly phishing is and how it can affect you personally. For a quick refresher, phishing is essentially when a hacker pretends to be someone else, whether it be a coworker, bank, or company, in order to get you to provide them with credentials, financial information, or simply download a malicious attachment. Phishing is extremely prevalent and easy to fall victim to.

But how can a phishing attack affect your company?

Some stats for you to know:

  • Phishing attacks have gone up 65% in the last year
  • 76% of businesses have reported being the victims of a phishing attack
  • 30% of phishing emails are opened by the target
  • 12% of phishing emails are clicked by the target
  • 95% of successful hacks on enterprise companies were a result of spear phishing attacks.

Given these statistics, your business is not as secure as you think it is. There are a number of different ways that your company is at risk of falling prey to a phishing attack. Understanding these risks and what you can do to mitigate them allows you to reduce your company's risk of being hacked, keeping you, your data, and your customers a little more secure.

Ways your company is at risk of a phishing attack and what you can do to prevent it.

Risk: Your employees are your organization’s biggest security risk. The majority of your employees and managers will not be able to identify a phishing email directly. The effectiveness of a phishing attack is how well it masks itself as a legitimate email or website.

Prevention: Increase your employees training and security awareness. Keeping your aware of the security risk phishing poses goes a long way in increasing prevention. Take that a step further and get them trained on how to recognize and respond to a phishing attack. This can lower your risk to as little as 5%

_________________________________________________________

Risk: Your company lacks proper cyber security investment. A lack of tools and coverage can increase the level of exposure your company has, both from a data and financial perspective.

Prevention: Invest in a complete cyber protection suite. Locking down your inbox will make it unlikely that phishing emails will get through. Paladin’s phishing blocker recognizes and blocks 94% of phishing attempts. On top of that locking down your browser with Paladin Browser Protection or a similar tool makes it so that if you do fall victim for a phishing email the likelihood of you actually being taken to a malicious site or link is greatly reduced.

_________________________________________________________

Risk: Your employees use the same password across all platforms. While this doesn’t seem directly related to a phishing attack, it is one of your greatest risks in the event that your employees fall prey to a phishing attack. Ultimately, if your employees are sent an email that pushes them to a fake site that asks for credentials and they provide those credentials, now a hacker has all they need to attempt to break into one of your systems: a company email address, a password, and a username. They will simply run through the motions of trying a combination of these on various sites that your company likely uses.

Prevention: Invest in a password manager tool. This solution is two-fold. On the one hand it allows your employees to have extremely secure and varying passwords for every site without having to constantly remember them. This decreases the likelihood that if one credential is breached, all credentials are breached. Additionally, password managers save your passwords to the site you are accessing in order to allow for one-click login. If a phishing email attempts to take you to a site that appears to be legitimate, but isn't, the password manager will recognize that the URL is incorrect and will not place your credentials, keeping them safe from hackers.

What does a successful attack mean for your business?

A breach on your business, especially through phishing, can have a pretty devastating affect on your company.

  • One-third of consumers said they would stop dealing with a business following a cyber-security breach, even if they do not suffer a loss.
  • After your company is breached, 60% of your customers will think about moving and 30% actually do.
  • 60% of small businesses will shut their doors within 6-months of a breech
  • A breach can cost your company upwards of $600,000 when all losses and expenses are accounted for.

With these figures in mind it is easy to see how quickly your company can be affected by a breach through a phishing attack. Brand image and trust goes out the window rapidly, resulting in additional losses on-top of the losses created directly during the breach or hack.

Ultimately, it is necessary for your business to address the concern of phishing risk for your company. By taking the steps necessary to reduce this risk overall, you increase the likelihood that your business with be around for many years to come, and give yourself peace of mind.