
Following the announcement earlier this week of a sophisticated 'phishing' cyber attack targeted against the States of Guernsey, which was very quickly stopped in its tracks, we take a closer look at what a phishing attack is, how it affects you and what you can do to protect your business.
What happened?
What is a 'phishing' attack and are they common?
‘Phishing’ is a type of social engineering attack in which attackers try to lure users into providing sensitive information, or access to systems from which they can deploy further attacks. In many cases they are looking for login details, giving them access to credit card numbers, bank account details and so on. It can happen when a victim clicks on a link in an email. Other forms of phishing include spear-phishing, where customised emails include the victim’s name and other personal information; vishing, where contact is made with the victim by telephone; and smishing, where the victim receives a text message. Latest figures show these are the most common form of business cyber security incidents.
What can I do to protect myself and my business?
- Think twice before clicking on a link in an email
- Verify the authenticity of anything you are being requested to do
- Keep your eyes open and report anything suspicious
- Invest in awareness training for all staff
- Install a trusted email security filter
- Install an anti-virus program
- Install security patches on your devices as soon as practically possible
And for general cyber safety, we recommend:
- When you leave any device unattended, lock it
- Shred confidential waste
- Set strong and unique passwords
- Use removable media (i.e. a USB stick) sparingly and responsibly
- Keep work data on business devices & systems
- If you do bring your own devices, make sure the business data is containerised and kept separate from personal data
- Operate a "least privilege access system", which works by only allowing users enough access to perform their required job
- Follow all company policies
If you need further clarification on how you and your business can protect yourselves from phishing attacks, please get in touch.