Over 9 out of 10 cyber attacks start with an “innocent” email. That’s why it’s vital that you have advanced threat protection against phishing in place and ready to protect your business.
Because, unfortunately, the human link in your cybersecurity chain is almost always weaker than your other defences.
Your first fix is easy, of course. Get a proper email defender in place. Yet workplace collaboration tools like Microsoft 365 and Google Workspace have opened up more avenues for phishing attacks than the humble email…
And with phishing attempts getting ever more complicated, they are increasingly difficult to spot.
That’s why it’s so important to understand how phishing attacks work and the tools you may already have at your disposal to protect your business:
How does phishing work?
Phishing attacks predominantly come in the shape of legitimate-looking emails or communications – sometimes these appear to come from colleagues, suppliers, or other trusted sources.
Unfortunately, these communications – though they may look very real – actually aren’t. There’s a hacker sitting somewhere, waiting for you or your team member to fall into their trap.
Often, these emails aren’t made using some black technical wizardry. Instead, the attackers use what are called social engineering techniques to trick us into giving them a click.
This may include doing things like:
- Creating an email address or display name that looks very similar to a legitimate one
- Copying your company branding and putting it in the right place in the communication
- Making it seem like a response is urgently needed or financial harm is in the offing
Written down like this, it may seem like you’d be able to see through this sort of thing very easily. The data says otherwise though.
Try to imagine a fast-paced day. Your team is working hard. One of them skim-reads the kind of email they get a dozen times a day… only it’s not real. They click.
Soon after, disaster follows.
What types of phishing are there?
Phishing is one of the most common types of cyber attack.
Standard phishing uses fake emails and usually large numbers of targets. It frequently pairs this with spoofing a trusted brand and a fake special offer or order confirmation email. This exploits a user’s curiosity or creates confusion.
But standard email protection tools like those built into Gmail or Microsoft Exchange Online Protection have gotten pretty good at spotting these. They’ll tend to go straight to your spam folder.
This means the methods cybercriminals use are evolving. Modern businesses are more likely to face more targeted phishing attempts of specific kinds. These are sometimes called “impersonation attacks” and generally take the form of:
- Spear phishing – aimed at specific team members following deeper research into your organisation and even individuals. The messages may include details such as the target’s role or responsibilities to seem more authentic.
- Whaling – targets the “big beasts” of your company (i.e. you and your leadership team). Some are deeply researched attempts to convince a member of your team to, for example, sign off on funds. Or the attacker can spoof an executive’s identity to convince a more junior team member to act.
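A mail filter can check for both impersonation signals described above: a sender domain that is a near-miss of your own, and a trusted person's display name on an address that isn't theirs. The sketch below is an added example, not part of the original article or of any Microsoft product; the domain, the protected name and the sample headers are constructed, and the confusable-character table only covers a few ASCII swaps (it does not cover non-Latin look-alike letters).

```python
import unicodedata
from email.utils import parseaddr

# Assumed organisation data (constructed for this example).
TRUSTED_DOMAINS = {"example.co.uk"}
PROTECTED_PEOPLE = {"Jane Doe": "jane.doe@example.co.uk"}

# A few common ASCII look-alike swaps, folded before comparison.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(text: str) -> str:
    """Lower-case, strip accents, fold digit swaps and 'rn'->'m', 'vv'->'w'."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the impersonation findings for one From header."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            # Near-miss: same skeleton, or at most two single-character edits away.
            if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
                findings.append(f"lookalike-domain:{trusted}")
    name = " ".join(skeleton(display).split())
    for person, real_address in PROTECTED_PEOPLE.items():
        # A protected name is only legitimate on that person's own address.
        if skeleton(person) == name and address != real_address:
            findings.append("display-name-impersonation")
    return findings
```

The edit-distance threshold of 2 is an assumption that suits longer domains; very short domains need a tighter limit to avoid flagging unrelated senders.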
How to set up advanced threat protection against phishing
1) If you have Microsoft 365, use Defender in full
Windows Defender for Office 365 Business Premium is a powerful bit of kit.
Make sure yours is set up correctly and it will provide some intelligent safeguarding against spear phishing and whaling attacks (that’s on top of its anti-malware functionality and spam filters).
2) Activate Safe Links
Safe Links is a highly useful tool in Defender for Office 365. It is designed to catch a particularly clever email hacking technique called URL redirection (or URL hijacking).
The way this normally works is that the attacker uses a close-to-realistic-looking shortened URL and edits its destination once your team member clicks on the phishing email it was part of.
Defender 365 for Business Premium catches these as efficiently as your spam filter catches regular spam.
3) Turn on Safe Attachments
Safe Attachments is a smart option in Defender 365 that lets your client essentially “try out” email attachments in a walled-off environment first to see what they do. This lets it check they’re safe before they get onto your “real” system.
It’s proven to be highly effective at confirming your team member is safe to open that otherwise potentially dodgy attachment.
Institute advanced email hacking protection
This sort of advanced email hacking protection should be done in combination with your other cybersecurity measures, such as Multi-Factor Authentication, Single Sign-On, and team cybersecurity training.
Start taking advantage of the additional protections Microsoft 365 Business Premium offers today. But don’t overlook the need to consider your cybersecurity as a whole from every level and angle.
Not sure what the next step is for your cybersecurity? Let’s talk.
Dial A Geek is already trusted by over 1000 businesses in Bristol and the UK.
Set up a cost and commitment-free chat with Chief Geek Gildas Jones today to see what your first steps to a cyber-secure future would look like.