A 100% guarantee that at least one person on your network will get hacked!
I know beyond a shadow of a doubt your employees will be attacked. This is one bet Vegas will never go against because they would be out of money on day one. I myself have been phished numerous times through emails and telephone calls. I once got a call from a scammer who explained that Donald Trump had found millions of dollars that I needed to claim and the phishing emails I’ve received are far too many to count. According to Security Affairs, 97% of people cannot identify phishing emails. This is a huge problem that needs to be addressed with education immediately! In another study, Intel Security asked people to identify phishing emails from 10 different email examples. The data for the study was collected in 144 countries, and 19,000 people were surveyed. The results of the study are staggering.
The end user is the weakest link
The study brings up a glaring hole in network security; your end users. If 80% surveyed got at least one wrong answer and it only takes one to compromise your network; the odds are highly against you. You will be compromised. The only question now is will it be a banking Trojan that steals large sums of money from your bank account, will it be an attack that steals Personally Identifiable Information, will the attackers cause physical damage to your systems or will they use your resources to initiate large-scale attacks across the internet? Maybe it will be all of the above? Whatever the outcome, it is always terrible and usually results in a loss of revenue or reputation to the victims.
How to Identify Phishing Attempts
The great thing about phishing emails is that with a little investigation, you can usually identify and avoid these attacks. Microsoft does a great job of helping to identify some key items in emails to be suspicious of when you suspect you have received a phishing email. Take a look at some of the key items Microsoft has identified.
Here is an example of a suspicious hyperlink. When hovering over it, you can see the actual hyperlink doesn’t match the address presented in the link.
Don’t forget about those phishing phone calls. I don’t have a graphic for that. You have to use common sense and listen to what the caller is asking you. Never give out confidential information over the phone including usernames and passwords. Never go to websites and download software from a phone request.
Educate Your End Users!