The technology to prevent criminals from breaking into your business’s computer network has improved tremendously. Unfortunately, cybercriminals have found a way to bypass the technological safeguards that protect information systems: they’re targeting your employees.
Today’s most common cyberattacks use social engineering tactics like “phishing” to get workers to unwittingly let them into the company network by responding to what looks like a work email or clicking on a work-related link.
But businesses aren’t defenseless. Mike Petsalis, CEO of Vircom, explains that businesses can train their staff to recognize phishing emails and guard against these types of cyberattacks.
“Targeted phishing is not just about password reset messages and fake support emails,” he writes in an article for AllBusiness.com. “It often involves complex social engineering ploys to get information or money out of someone. It’s a modern con that knows no borders, has a low barrier to entry, and offers an open door to millions of potential marks populating the ranks of businesses worldwide.”
What to look for:
- malicious attachments that install macros, execute invoice fraud, or worse;
- clicks or URLs that take you to a malicious website to install ransomware or to give away your credentials; and
- downloads sent by an attachment through a clicked link or external website.
Petsalis points out that phishing attacks have cost businesses more than $12 billion over the last five years.
“What’s more, because these frauds are so embarrassing when they do occur, and because there is very little recourse made available by law enforcement, these figures are most likely underreporting the issue, making the threat even more concerning,” he says.