Is Email the Weakest Link in Your Business?

On average, a cyberattack costs a small business $53,987. This represents a substantial loss for most small businesses. One of the ways hackers attack business is using phishing attacks.

Phishing is a type of scam that targets consumers by sending them an email that appears to be from a safe source. Oftentimes, the scammers pretend to be a bank, mortgage company, internet service provider or other well-known entity.

The hackers use email addresses and designs that look official so that you will open it. And once you do, the damage is done.

Security scientists Avanan analyzed 55.5 million emails and found that:

• Out of every 99 emails, 1 is a phishing attack
• On average, every employee will encounter 4.8 phishing emails every week
• 30 percent of phishing emails will evade security measures
• 83 percent of people were the recipients of a phishing attack

The impact of phishing attacks results in decreased productivity, loss of proprietary data and damage to a company’s reputation. When it comes to phishing attempts, 2 in 3 use a malicious link and over half contain malware.

When an employee opens a phishing email or clicks on a malware link, the attacker gains prolonged access to the victim’s system. On average, it takes less than 2 minutes for the hacker to gain access after the email reaches an inbox.

In general, there are four different types of phishing attack categories.

1. Credential harvesting

An email impersonates a trusted company and often link to fake login pages. These phishing attacks lure victims to divulge personal information like passwords and payment information. This represents 41 percent of attacks and costs the company or individual $400 per account.

2. Extortion

This type of phishing attack targets victims by asking for money in exchange for keeping secrets. Hackers establish authority by including a password or fake email address. This type of cyber attack represents 8 percent of attacks and costs businesses up to $5,000 per user.

3. Malware

Malware is hidden in an innocuous link that triggers a file to download. These types of phishing attacks bypass standard scams that only examine the email body. Malware is quite common, representing 51 percent of phishing attacks and costing a victimized business up to $2.4 million.

4. Spear phishing

Spear phishing targets high-level employees and influences them to complete a manual task. This type of phishing attack is difficult to detect because email doesn’t contain suspicious links or attachments. Spear phishing represents 0.4 percent of phishing attacks and costs the company $7.2 million on average.

Hackers prey on trust; they try to imitate trusted brands. Many legitimate emails may contain potential signs of phishing, making detection difficult. Employees click links that play on feelings of fear and urgency, responding to wording like “Warning”, Complaint filed”, “Open enrollment” or “Grievance filed”. Here are 8 ways to protect your business from phishing attacks.

1. Don’t open or click links in emails that look suspicious
2. Don’t interact with anything that comes from an unknown source
3. Never give out your Social Security number or your financial information
4. Verify all websites
5. Use different passwords for different accounts
6. Enable two-factor authentication
7. Choose your email provider carefully
8. Check your email logs if you suspect you’ve been a target of a phishing scam

Most experts agree that educating your staff is the best defense against a phishing attack. The best strategy is two-pronged: a combination of employee training and anti-phishing security software is the best way to protect your business.

Would you like to learn more about how to protect your business from cybersecurity risks? Contact a cyber liability insurance specialist to learn more.