If you’re familiar with the challenges businesses face in their cyber-security, you’re likely familiar with phishing – but a startling number of businesses truly understand how common a threat it really is. With nearly one-third of data breaches in 2018 involving phishing, it pays to understand what it is and what you can do to protect yourself.

What is phishing?

At its basic level, phishing is a type of fraud where data thieves make contact with a company under false pretenses, in an attempt to get the recipient to click a link or download a file. That link, or file, will contain malware, which will infect the entire machine, and maybe even the network, of the person who has clicked it.

This allows the cyber-criminal full access to the system, to do what they please. Some want to farm confidential data, others want to freeze the system to ransom its release, and others still just want to disrupt businesses in as catastrophic a way possible. Whatever the goal, phishing is a disruptive and highly dangerous security threat.

How does it work?

The whole premise of phishing involves action from the recipient – it’s not like cyber-thieves consciously hacking into your system. It requires direct involvement for the user, either in the form of clicking on a malware-ridden link or downloading a file from an untrustworthy source.

To do this, phishing cyber-criminals will do their best to appear as legitimate as possible. For example, as reported by Avnan, Microsoft and Amazon are two of the brands most frequently imitated by data thieves to give the illusion of legitimacy.

A notable trend is developing where cyber-criminals are capitalising on recipients’ willingness to respond urgently to messages deemed to be from an “authority”. In many cases, cyber-criminals may also pose as disgruntled customers complaining about their service, or unhappy suppliers seeking resolution for imagined issues.

Phishing cyber-criminals go to considerable lengths to make their communications appear as legitimate as possible, and prey on the recipient being inattentive enough to click on a link/file without thinking. Once the person has clicked and the malware is downloaded, the hidden virus can get to work and the cyber-criminals can profit.

What can you do?

So you can take it as read that phishing is a serious concern for your business’ cyber-security, what can you do to prevent falling victim? The best-known security measure is diligence – everyone in your business needs to understand how to spot a suspicious communication and have appropriate security awareness training.

Phishing emails can often give themselves away by having misspellings, crooked or low-resolution logos, and the contents of the message containing poor grammar. As phishing can occur through other channels than email, such as an on your social media feeds, it’s important employees closely assess every message they open.

No matter how well they’re trained, however, people can still make mistakes. So it’s important that your network and each machine in it has a robust anti-virus system with up to date definitions. There are a number of email filters, anti-spyware programs, and web security gateways that can help keep your system safe.

Contact specialist help

If you want to make sure your business has the best possible defences against phishing attacks, you should contact the team at catalyst2 today. Our friendly and experienced team of professionals are on hand to provide you with advice and guidance about the next steps you should be taking to ensure you’re safe from phishing.

We’re specialists in all manner of cyber-security, so take the initiative and protect yourself from a malicious phishing cyber-attack – contact catalyst2 today.