Don’t Take the Bait When Phishing Scams Target Your Organisation

Posted on 16 January 2019

Nobody wants to believe that their employees could pose a direct risk to their business, but when it comes to phishing scams, organisations are finding out too late that their people have taken the bait.

As a result, companies are finding themselves and their customers compromised – a dangerous position to be in under GDPR, and in light of other high-profile data breaches. So how can organisations protect themselves and ensure their employees aren’t caught out by a scam?

 

What is Phishing?

Phishing – in its broadest sense – is more complex than simply receiving a dodgy email asking for details. Behind the playful terminology lies the heart of phishing: a type of social engineering which manipulates individuals into doing the wrong thing. Culprits achieve this by playing on fear, greed, obedience, and helpfulness.

Tapping into these emotions, phishing attacks can see victims hand over personal details or click on a bad link, resulting in any number of different scenarios: the accidental installation of ransomware, for example, or handing over secure credentials and allowing access to systems.

 

How it Affects Your Business

For businesses – the largest pool of targets for scammers – phishing can be devastating. That’s because scammers have more to play on when it comes to the employees. A business’ people are more likely to be obedient, for example. So, an email seemingly from their boss asking them to click a link and download something should be suspicious. But hey, she’s your boss, right? What could go wrong?

What’s more, targeting businesses is also a more lucrative plan of attack for scammers: not only are there more people to target, but they’re also sitting on juicy customer data – it’s the Holy Grail for phishing attacks.

Without adequate training on how to recognise and respond to phishing, employees could unwittingly pose a security threat to even the most vigilant of organisations; educating and preparing them, then, should be a priority in protecting any business.

 

How to Protect Your Team (and Your Business)

Don’t want your business to become a statistic? Then let’s get serious about phishing for a moment. Only by taking charge and preparing can organisations like yours safeguard themselves, their people, and their customers against convincing scams.

Here’s how to begin:

  • Teach Awareness

This is perhaps the simplest, yet most crucial, step. Before they can protect the business against phishing scams, your team needs to be able to identify a scam when they see it.

That involves scrutinising email addresses and phone credentials, not logging into any website they don’t recognise (and being able to tell which websites are genuine or not through security certificates and solutions), learning about the potential consequences of falling for a scam, and – most importantly – asking if they’re unsure.

 

  • Secure Your Business

The onus for safeguarding your organisation doesn’t fall entirely on individual employees. They need to be supported by smart identity and access management solutions at every level of the business.

Multi-factor authentication, for example, ensures that passwords alone aren’t the only method of accessing sensitive data, making it more difficult for phishers to take hold of accounts, even if they get some details.

Similarly, abandoning passwords altogether – as is Microsoft’s mission – could lead to a significantly more secure organisation.

 

  • Run a Test

Think your team are prepared? Test that theory and see what happens.

For some of us, real-life settings are the best way to learn. Fortunately, you don’t need to wait for an opportunistic scammer to send an email to test your employees’ preparedness. It’s possible to use tools to safely simulate a phishing scam, testing your employees on their awareness and zeroing in on areas for improvement.

 

Don’t Take the Bait

Despite the sophistication of cyber threats traipsing the digital landscape, phishing scams remain the most prolific of their kind – making them a challenge to be tackled head-on. With some awareness training and preparation, however, they needn’t pose a serious risk to your business, with your employees primed to identify and report a scam at a glance, leaving phishers with empty nets.

It’s hard to resist a pun.

For assistance in fortifying your business against phishing scams, lost passwords, and so much more, feel free to get in touch with our experts, and let’s see how we can help you.
