Today an unprecedented number of people have been forced to work from home and until vaccines are widely distributed they will continue to do so for foreseeable future. This transition to working remote has significantly slowed the spread of COVID-19. But this move, from an IT perspective, has created new and easy opportunities for cyber criminals to take advantage and put your business at risk.

2020, and now into 2021, has been record-breaking in terms of criminal cyber activity. Many well-known organizations around the world have been affected by cyber attacks. These attacks have caused financial losses and at times paralyzed if not bankrupted businesses. Because of this, it’s vital to identify cyber risks and implement measures/tactics to mitigate the impacts and keep both personal and corporate data safe.

One of the most widely used attack methods used by cybercriminals, is the phishing email. Phishing attacks attempt to trick employees into giving up their corporate credentials, which can be used to hack the entire organization’s database and gain access to sensitive data.

This method is the most common way of gaining access to IT systems and the sensitive information that these systems store. One of the most devastating and costly malicious programs that can come from activating an email phishing link is ransomware. Ransomware locks down IT systems with an encrypted lock that can only be unlocked by providing a ransom payment to the criminal. If payment is not made the entire organizations data can be erased or stolen, exposing customer data and financial information that can then be sold to malicious third parties. The results can cripple or even destroy a company.

Some Phishing Statistics of 2020

  • 97% of business users are unable to recognize a phishing email.
  • Only 3% of the users report phishing emails to the management.
  • 30% of phishing emails are opened by users, and 12% of users click on the malicious link or attachment.
  • 85% of all organizations have experienced a phishing attack at least once.
  • 1 in every 8 employees shares information on a phishing site.
  • 96% of all targeted attacks are intended for intelligence-gathering.
  • Brand impersonation accounts for 81% of all spear phishing attacks.
  • 1 in every 2 organizations were a target of ransomware attacks in 2019 and data was successfully encrypted by the attackers in 73% of these attacks.

Phishing attacks have drastically increased globally, more so now than ever with more employees working remotely. It is essential for every organization to take actions to limit their exposure to these types of attacks.

So what are some cybersecurity actions that to protect against these attacks:

  1. Educate, educate, educate,…. Every employees needs to be made aware about cyber-attack tactics and the preventive actions they can take to prevent one from happening. A cyber educated workforce is your best defense against phishing attacks.
  2. If you don’t know the sender carefully double-check the sender’s email address and look for any unusual language/writing in the body of the email.
  3. Don’t open any emails or click on any links or attachments from unknown or suspicious senders, report the email to your IT support team.
  4. Have your business implement standard email authentication protocols to secure your email domain against domain forgery. Tools such as DMARC,DKIM and SPF are a great start.

With phishing attacks increasing steadily it is important to both educate your employees and also take all the necessary steps to keep your organization safe. These are just a few security tips provided above. If you are concerned about your organization’s safety engage your IT services or engage a Managed Security Service Provider (MSSP) to assess your risks and help you build a plan to secure your business.