Fraudulent Phishing Emails
Attackers target specific people, organisations and businesses with fraudulent emails. While most have spelling mistakes and their requests tend to seem off or unusual, phishing attempts have become significantly more sophisticated in the last year, with attackers using third-party knowledge about specific industries to target organisations. For example, an attacker may pose as a member of the finance or accounting team at an investment manager or super fund and target the appointed fund administrator to gain information about the organisation’s bank accounts. This can happen when a corporate email account has been compromised, which is also increasing.
What Can You Do To Reduce the Risk?
No organisation, regardless of size, has unlimited resources. With the increasing number and sophistication of cyber attacks, an organisation cannot be 100% secure at all times. Unfortunately, data breaches present an enormous financial and reputational risk for businesses. A few steps that businesses should take to help protect themselves include:
Use secure transfer protocols: Secure web portals or SFTP. When sending confidential data through email attachments, the attachments need to be encrypted to create an extra hurdle for scammers.
Use two-factor authentication (2FA): Not only for remote access to the network by work-from-home employees but also for key applications hosted externally and mobile email. Many times when email accounts are compromised, it’s because two-factor authentication was not used for email access on mobile phones.
Use a browser protector and monitor: Pair it with an email fraud defence solution that can detect and prevent fraudulent emails being sent from legitimate mailboxes. XSurflog constantly works in the background to monitor all websites that your employees visit while giving them a way to block any dangerous websites immediately.
Hire a professional to conduct penetration testing: This can help identify exploitable vulnerabilities, including in online web portals, applications and networks which may contain proprietary and confidential client data.
Employee cyber security training: Employees are an organisation’s greatest line of defence, but they can also be its greatest weakness. If employees are not aware of the cyber threats, there’s not much a company can do to avoid cyber breaches. Research shows that when organisations implement cyber security training, the number of employees opening or clicking on phishing emails in simulated training is reduced by half within 90 days.
No organisation can be 100% secure from a cyber attack. However, implementing proactive practices may help minimise the potential risk of cyber attacks. Review our full list of services and contact us about all your cyber security needs.