Are you aware that when you receive an email from someone you recognise, it might not be from who you think it is? There are, on average, over three billion fake emails sent around the world, every single day ...
There are many forms of cyberattack targeted at most industry types, but phishing and spoofing emails remain among the most successful forms of cybercrime. Why is this, you may ask? Put simply, because companies and organisations do not implement industry-standard authentication protocols on their email systems.
Figures from March 2020 show that almost half of businesses (46%) and a quarter of charities (26%) report having cybersecurity breaches or attacks in the last 12 months. As in previous years, this is higher among medium-size businesses (68%), large businesses (75%) and high-income charities (57%).
Phishing is the first delivery method for other types of malicious software. A phishing attack isn't just targeted at gaining information. Phishing attacks can also be used to distribute malicious programs, such as ransomware. Email attachments are still the main method of delivery for malicious programs.
During the current pandemic, over £2 million has been lost to coronavirus-themed scams, phishing emails and other fraud in the UK alone as cybercriminals look to exploit COVID-19 for their own gain.
Figures from the US for 2020 are staggering:
- Up to 97% of emails cannot be identified by the receiver as fake, that is, as not sent by a genuine person.
- Up to 30% of emails are targeted to a specific individual. Despite the training and publicity surrounding fake emails containing links to malicious websites that download viruses into a company's network, as many as 12% of users actually open and click on the link!
- 85% of US organisations have suffered from phishing attacks. These attacks are everywhere, and most organisations will encounter them at one point or another.
Office 365 does attempt to filter incoming mail through the Microsoft data centres, but even they do not have dedicated and sophisticated software to sniff the email for viruses contained within links and attachments. Traditional antispam software is not the same as email security, as it only filters out some emails and cannot detect malicious content.
Providers of fully managed services, such as Trend Micro, are specialists in threat detection, email security, antivirus and antimalware for cross-platform protection.
These companies collect all emails and pass them (always unopened; they cannot read the content) through their dedicated email servers, where highly developed software probes and penetrates emails and attachments, 'sniffing' out any potential threats and putting suspect emails in quarantine within their systems.
Off-site email security systems are becoming increasingly powerful and can scan emails direct from Microsoft as the next layer of protection from phishing scams. Microsoft Office 365 documents are also vulnerable to being hacked. Your files can potentially be injected with viruses, so when you download a saved document, the virus comes with it.
In the present 'working from home' environment, company documents may be downloaded and uploaded multiple times by multiple users, increasing the risk of a hacker gaining access to company servers and information via a laptop at home connected to the company systems.
What comes in and goes out of your organisation is not always as secure as you think.
If you feel inspired to find out more, then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.