Phishing attacks are something that everyone who uses the Internet must be aware of. For those who may not know, phishing is a form of social engineering that deceives users into doing something to compromise their computer, their identity, their network, or all three. Phishing is typically done via email where people are enticed to click on malicious links that could ultimately allow hackers to gain access to their account credentials or even remote access to their computer.
Phishing attacks account for nearly 90% of cyber attacks on businesses, yet the majority of Small to Medium-sized Businesses (SMBs) have yet to train their employees on cybersecurity. This lack of awareness training puts those SMBs at grave risk of compromise from phishing attacks.
Cyber attacks have increased every year for the past two decades, and the damage is becoming more significant and devastating to SMBs. With more remote workers during the COVID-19 pandemic, hackers have doubled down on these phishing attacks. As noted in CyberHoot’s recent blog article, they can be quite devious and convincing with their social engineering ploys.
What Should a Business be Doing?
Phishing attacks make it easy for hackers, as victims essentially hand over their sensitive information to the hackers, or allow them into their network when employees click on a malicious attachment. The number one way to defend against phishing attacks is through cybersecurity awareness training. Below we have created a list of what can be done to defend against phishing attacks.
- Train your employees on how to spot, avoid, and delete phishing attacks.
- Test your employees with Phish Testing attacks; re-train those that fail your tests.
- Purchase and train your employees on how to use a Password Manager. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to.
- To protect others on the Internet from phishing attacks that spoof your domain name, set up SPF, DKIM, and DMARC records so that receiving mail servers can block emails masquerading as users at your domain.
What Is The Best Way To Train Staff?
CyberHoot phish testing allows MSP Administrators to create phishing campaigns to test their own employees or their clients. CyberHoot has set up multiple templates from domains appearing to be Google, Amazon, Microsoft, Apple, hospitals, or even government entities relating to COVID-19. Coronavirus phishing scams are quite common at the moment.
CyberHoot has implemented these phishing tests and free templates for use on your employees. CyberHoot lets you see which users open the email, click on the links, and enter data (usernames and passwords), allowing you to identify your weakest links and provide them with remedial training on phishing before a hacker succeeds in breaching your business.
Sign up with CyberHoot today to see what it is all about and to get started phish testing your employees.