Defending Against Phishing

According to Government figures, 80% of small businesses have been targeted with a phishing email or an attack in one way or another within the last 12 months. Small businesses make tempting targets for cyber criminals. The bad guys, or threat actors, only need to get into your system once to call it a success, but for the recipient once is too much. There is no magic pill or silver bullet against this, but some planning and creating a culture of cyber awareness within your business can go a long way.
“Everyone has a plan until they get punched in the face” - Mike Tyson
So, when creating a plan, do not just write it on some paper, toss it into a drawer, and sit back and hope for the best. Preparation is key: do not think in terms of if your business gets attacked, but rather when, and have policies and procedures in place setting out who does what, and how, when an attack takes place. Speak about your cyber security at monthly board meetings and keep imprinting it on your staff’s minds so they are aware of the dangers and know what to do in the event of an attack.
The following is courtesy of the National Cyber Security Centre, whose guidance on defending your organisation against phishing attacks uses layers of defence, namely:
Layer 1 - Make it difficult for attackers to reach users by considering what information is available on your website and your social media platforms, and put anti-spoofing controls in place on your email addresses.
Layer 2 - Assist your users to identify and report suspected phishing emails. This can be done through training.
Layer 3 - Protect your business from the effects of undetected phishing emails by using Multi Factor Authentication or 2FA, protect your users from malicious websites, and use a good antimalware application on all network devices.
Layer 4 - Respond quickly to any incidents, encourage users to report suspicious activity, and have an incident response plan in place.
As a business owner you need to start addressing your organisation’s security needs with a focus on phishing, and identify vulnerable users and devices within your organisation. It is absolutely imperative to increase the speed of user reporting for possible phishing messages. Get your staff used to checking emails and reporting anything suspicious; that way a warning can be sent through your business to other users about certain emails and where they came from. This also allows your security or IT team to act on a breach before it gets worse.
What to do next
Staff training is vital in the defence against this scourge. We at Control IT Solutions offer phishing simulation training for your staff. Contact us here or phone 01738 310 271
Read another blog about Phishing we wrote earlier called “Don’t Get Phished”