Phishing is a digital form of social engineering that deceives individuals into providing sensitive information. It is typically carried out via email, by getting people to click on links that allow hackers to get into the system.
Phishing is the number one attack used against SMBs. Here are some scary statistics to underscore this fact:
- Phishing is the leading cause of data breaches, accounting for 90% of them (Source: Retruster).
- Nearly 1.5 million phishing sites are created each month (Source: Dashlane blog).
- 76% of businesses reported being a victim of a phishing attack in 2018 (Source: Proofpoint).
- 92% of malware is delivered via phishing emails.
What should SMBs do?
Those are sobering statistics for SMB owners to contemplate. But the good news is that phishing attacks are among the easiest threats to train your employees to spot and avoid. Follow these best practices to reduce your likelihood of being breached by a phishing attack.
- Train your employees on how to spot, avoid and delete phishing attacks.
- Test your employees with Phish Testing attacks; re-train those who fail your tests.
- Purchase a Password Manager and train your employees on how to use it. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to, because the manager fills saved credentials only on the site they were saved for. Employees reusing passwords will absolutely enter their credentials.
- To protect the Internet from phishing attacks that use your domain name, set up SPF, DKIM and DMARC records so that receiving mail servers block emails masquerading as your domain name.
Source: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1