Phishing is usually an entry point to a cyber attack, and must be prevented as it can lead to much worse cyber incidents. 84% of businesses have received phishing emails, social media posts or text messages in the past year, found the latest cyber security research by the Government.
Put simply, phishing attempts are messages that are sent to your businesses from hackers, that are created to imitate real business communications. This is a type of social engineering as they are essentially trying to trick you into handing over sensitive information, or to click on a link.
You can often spot them due to bad grammar, incorrect email sender addresses, unusual language, as well as some urgency why you ‘must’ click the link. The hackers are hoping that you, or your employees, are busy and won’t notice that the email or message is fraudulent.
What do hackers get from phishing?
Fraudsters are after a number of things from a phishing attack:
Installing malware on your computer which will allow them access
Access to sensitive or important data, such as ID or payment details
Taking over your social media accounts and posting phishing links to further hacks
A successful phishing attack could lead to financial loss fraud, through subsequent ransomware attacks and data breaches.
Loss of trust and reputation
Overall, any type of cyber breach where your customer or suppliers details or accounts have been compromised can lead to a huge lack of trust.
It could also mean you can’t fulfil customer’s orders or any ongoing service, due to loss of control of your own data or website. This could have a huge impact on your businesses finances and reputation. At worst, it could see a small business have to close down if they cannot recover from the cyber attack.
This shows how important it is to ensure you have optimum security around your business IT and accounts, and full training and awareness for any employees.
AI on the increase
However, with the huge increase in generational AI, like ChatGPT, this makes it a lot easier for criminals, particularly from other countries, to create genuine-sounding communications.
It also makes it a lot easier for criminals to target hundreds or thousands more people using AI technology.
DI Dan Giannasi is a seconded police officer who specialises in preventing cybercrime for businesses.
His advice is: “We tell all businesses that prevention is key as recovering from a cyber attack for any business can be really difficult and still incur huge losses and costs.
“It’s really important for businesses to ensure that their employees have had cyber training around phishing, and understand how to spot a phishing message. This is really important to embed cyber security and awareness into the culture of the business.
“While there are great security features and tools which can help prevent phishing emails from reaching your team, they can still get through. This is why it’s so crucial your staff know how to identify and respond to a phishing email. This will give them the confidence to question an unusual request or think twice about clicking on a link before it’s too late.”
Do we need to train our employees on phishing?
The NWCRC works with the best cyber students from the region’s universities, who act as cyber security consultants for small businesses. They use their cyber skills to provide affordable services to small to medium businesses while providing high-level professional experience to add to the CVs.
Comments