The holiday season is upon us with its shopping frenzy, e-cards, e-invites, links to products in wish-lists, suggestions to watch festive (or funny, or festive-funny) videos, and more. It is easy to get caught up in the cheer and forget about that watchful eye towards security you typically bring to email and other online activity.
According to the Experian 2015 Data Breach Industry Forecast, almost half of organizations suffered at least one security incident in the last 12 months, and employees and negligence represented 59% of security incidents in the last year. One big piece of that employee negligence: falling victim to spear-phishing emails. (Spear-phishing is a targeted phishing attack aimed at a specific person or company.)
For example, it is thought that the notorious Sony breach, the Anthem breach, the Target breach, the Chase breach, and even the attack on leading security company Kaspersky Labs are traceable to successful spear-phishing.
According to the 2015 Verizon Data Breach Investigation Report, 23% of recipients open phishing messages and 11% click on attachments. In a controlled test involving more than 150,000 emails, Verizon’s team found the median time-to-first-click was 1 minute 22 seconds, and nearly 50% of people opened and clicked in the first hour.
That’s why one of the biggest security threats small businesses like yours, and companies of all sizes, face on a day-to-day basis is phishing. To help you and your team stay security-focused and phishing-aware this holiday season and all year long, print and hang this Phish Catching Security Turkey infographic to remind you of best practices for spotting phishing email and for keeping yourself, and your small business, safe and secure.
As the Security Turkey Reminds Us:
Take the Warnings Your Browser Shows Seriously
If you accidentally click a link in a phishing email, warnings from your browser or anti-malware software can save you from compromise. Never access a website that the browser, or your anti-malware software, warns may be unsafe.
Use Caution when Entering User IDs and Passwords
Never enter User IDs and Passwords on forms in an email, or on forms linked from an email. Always double check the URL in your browser bar to make sure it is legitimate before entering User IDs, Passwords, Account Numbers, or other sensitive information on a web form.
Remember to Check Link Destination Before Clicking
A key way to spot a phish is to hover your mouse over links in an email to see where they actually lead. If a link purports to be for the Amazon login screen, but the URL is amazon.scamsite.com, then you’ve caught a phish.
Keep Your “Phishy” Smell Detector Active at All Times
Stay vigilant about critically assessing the email you receive. Yes, it’s the holidays, but an attached e-card from a stranger is not likely to bring tidings of joy, and no reputable company needs your banking log-in credentials to enter you in a holiday sweepstakes.
Err On The Side of Caution
Never click links or open attachments in email you weren’t expecting. If it sounds too good to be true, it probably is. If it feels even slightly off — Delete! If you’re not sure, call the sender and confirm. (Use a number you find independently, not one in the email.) If the email is legitimate, they’ll be happy to hear from you. If not, you’ve speared the spear-phisher.
You Are the First Line of Defense Against Phishing Attacks
Many email systems are designed to filter out as much spam and other malicious email as possible. But there is only so much technology can do. YOU are the best resource for spotting threats, thwarting them, and making sure that your team is aware of individual emails and common attack vectors that may pose a risk to them or to your small business.
For more information on phishing attacks and how to protect yourself and your small business from them, see the Tip posts “A Phishing Scam in Action” and “Can You Spot SPAM, Phishing & Other Malicious Email?”