For most of us, phishing emails are almost a daily occurrence in our inbox.
In this article you will find out the most important IT security measure you can implement for your business to help protect against a successful phishing email campaign.
Best of all, this security feature is free with most popular email providers like Office 365 and Google’s G-Suite.
The Risk of Phishing Emails
First, let’s break down the consequence of a successful phishing email. Most of these emails are looking for one thing.
Your login details.
There’s a reason for this – once a would-be-hacker has your login details, they’ll do a number of things inside your email account.
More than likely, they’ll implement an email rule that will forward all incoming and outgoing emails to a proxy account. This proxy account is monitored by them where they can intercept emails that contain sensitive information like financial details.
The purpose of this is simple – so they can change the bank account details in an email. Instead of transferring money to the intended account, it goes to their account.
This is a very sneaky attack that we’ve seen implemented a number of times.
The other item these hackers will do with your account is start using it to send phishing emails to your contact list. This help bypass many of the anti-phishing mechanisms most IT and email providers implement.
So, How do we Stop the Phishing Attacks from Happening?
The answer is fairly simple: enable two factor authentication. This is also known as multi factor authentication.
We’ve written about this topic before and the reason we’re repeating it is because it’s the number one way to stop these types of attacks in their tracks.
If all businesses started using two factor authentication (2FA) today, it would drastically cut down on the volume of phishing emails. That’s because with 2FA implemented, it stops most automated phishing attacks immediately, even if they’re successfully able to crack your password.
Here’s a list of the most common services that are regularly spoofed by automatic email phishing attempts:
- Office 365 SharePoint
- Google Docs
All of these services offer two factor authentication as part of their service at no additional charge.
If you or your staff use any of these services, it’s high time you started implementing two factor authentication on all accounts associated with them.
This basic advice could save your business considerable time and money if any of your staff fall victim to clicking a link and entering credentials where they shouldn’t.
If you would like a full IT security remediation of your staff’s online accounts and internal network, click here to contact us.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.