Though it's true that the technology we use on a daily basis has made our lives easier and more convenient, it has unfortunately also made them more dangerous. According to a study conducted by IBM in association with the Ponemon Institute, the average cost of a single data breach incident rose last year to an all-time high of $4 million. For every document or other record containing sensitive information that your business loses, you can expect to incur about $154 worth of damages.
One of the most common ways that these types of incidents occur has nothing to do with sophisticated, state-of-the-art technology and everything to do with what is essentially the oldest trick in the book - phishing. Phishing scams are on the rise, and make no mistake: you need to start taking steps to protect yourself now, or you could pay a potentially devastating price before you know it.
What is a Phishing Scam?
At their core, the brilliance of phishing scams is in their simplicity. A phishing scam is any email, hyperlink, text message or phone call that is designed to gain unauthorized access to something like a website or server. If one of your employees receives a phishing email, for example, it may be a message designed to look like it came from your HR department. It might tell the employee that there is a problem they have to solve by logging into a particular website, and a hyperlink is usually included.
The link is fake, but by the time the problem is discovered it's likely too late. Your employee has handed their totally legitimate credentials over to someone with malicious intentions, and now that hacker can gain unauthorized access to whatever they want. Phishing uses the power of social engineering against the user, and it's shockingly effective, too.
The State of Phishing Today
For evidence of the fact that phishing attacks are alarmingly effective, look no further than their popularity. According to one recent study, phishing attempts rose an incredible 250% in the first quarter of 2016 alone. An alarming 85% of all organizations reported being victimized by phishing attempts in 2015, up from just 13% in 2014. Also consider the fact that it was reportedly a simple phishing attempt that led to the email leaks that essentially derailed Hillary Clinton's 2016 presidential campaign. This is the type of catastrophic damage that we're talking about.
So to that end, the answer to the question "are my employees at risk for a phishing attack?" is and will always be "yes."
One of the major ways to avoid phishing altogether is to invest in quality training for ALL of your employees to help make sure they understand what a fraudulent email might look like, what the potential ramifications are and what they should do next. Never, under any circumstances, should an employee click on a link in an email from a sender they are unfamiliar with. If an email supposedly came from your business's own IT department, they should call IT immediately and double check. In the United States, your employees can also report all phishing attempts by filling out an FTC Complaint Assist Form.
Your business also needs to remain as proactive as possible about any and all cyber threats, particularly in the modern era. Education is a solid first step, but it is just that - a first step. You need to perform regular and comprehensive network scans to keep an eye out for suspicious activity, and use things like analytics and other historical logs to identify suspicious behaviors before they have a chance to become much bigger (and more costly) problems down the road.