The time is ripe for SMBs to take up arms against the incessant cyber-pounding they endure every day. And when it comes to thwarting cyberattacks, the first step is prevention.
Today, over 90% of cyberattacks begin with a user clicking on a phishing email. As these attacks evolve rapidly – and users continue to be the weakest security link – all it takes is just one gullible employee to put your entire business at risk. Implementing effective anti-phishing best practices therefore should be top of mind for today’s growing businesses.
A recent Webroot™ report quizzed workers worldwide on their phishing knowledge and clicking habits, and the results make clear there’s much to be done in the way of education.
- 48% of office workers have had their data compromised
- Nearly 1 in 3 of them didn’t change their account passwords afterward
- 49% of employees admitted to clicking on links from unknown senders at work
And a single click on a malicious link can give cybercriminals access to sensitive information such as admin credentials—and could lead them directly to critical business data.
Anti-phishing tips for your business
Anti-phishing best practices today require a mix of technical controls, employee education, and incident response best practices. That’s the recommendation from Forrester in its latest report titled Best Practices: Phishing Prevention.
Here are some phishing prevention tips to protect your business:
- Invest in technology. While it is always important to back up sensitive data and invest in both next-gen antivirus and URL filtering, don’t skimp on IT security technology like multifactor authentication (MFA) and email authentication. MFA can help thwart phishing attacks by making it harder for cybercriminals to use harvested credentials for future attacks, while email authentication verifies that the listed sender is who they are supposed to be, which protects users from spoofed messages.
- Don’t overlook threat intelligence. Invest in preemptive measures like signing up for actively updated threat intelligence to help predict future attacks, raise awareness of new attack types and even flag emails from high-risk areas. Phishing threat intelligence can also extract key indicators of compromise from newer phishing threats.
- Invest in security awareness training. Given today’s evolving threat landscape, teaching your employees about good password hygiene and using a password manager isn’t enough on its own. It’s imperative to train your employees on how to identify phishing emails and to test them periodically. And the best way to do so is by investing in security awareness training.