You are the secret weapon against cyber breach!
Phishing emails have been on the rise in recent years. Within the news, as well as from friends and colleagues, the rise of phishing attacks within the healthcare industry is difficult to ignore. The apparent ubiquity of these attackers is no misnomer, either. The frequency of attempted attacks has increased year over year, with a recorded 73% increase during 2020 alone, which is theorized to double again for 2021. A complete understanding of what phishing emails are, along with implementing best practices, is necessary to protect businesses on an employee level. Consistent training across the work force is the best defense for a company protecting its data, as all employees are equally likely to be targeted.
Phishing emails can either be general or targeted in execution. Targeted phishing emails, known as “spear phishing” are made to look like a legitimate email to a specific member of a company. In the case of targeted phishing, an attacker may do research on your company using social media or your company’s website to select a desired entry point. CyberSec Insiders reported that attackers will opt to select entry-level staff 51% of the time. The rationale? Attackers assume that these employees tend to not fully understand company policy regarding emails and that they are eager to satisfy whatever requests they receive to appease superiors. Because of this, high-level management actually receives the least amount of targeted attacks.
There are a litany of bad actors eager to test employees’ understanding of phishing. Accessing and retrieving your data for encryption or extortion is their #1 goal. While there are similarly a number of tools and programs built to help keep data safe, employee ability and understanding of phishing attacks remains the first line of defense for all businesses.
To combat phishing attempts, the first step in employee training is to ensure they understand these top three rules of email safety etiquette:
- 1. Links and attachments: If you receive an email with an attachment or a link from a person or address that is not recognized, do not open any included links or attachments, and immediately discard.
- 2. Vendor email: If you receive an email from a vendor claiming you missed a payment, or there was a policy change do not click on the link in the email. Instead, directly go the vendor’s website to verify this information. Further verification should occur via the phone, or in person. If a vendor must be verified via email, start a new email by filling out the desired email address manually.
- 3. Someone you know asking for help/favor: If you receive an email from someone you know asking for a transaction of any type, please verify with that person directly (via phone or in person). If an employee must verify via email, start a new email thread by filling out the desired email address manually.
If at any time something does not look right, or you believe your email has been compromised, immediately forward us the email at firstname.lastname@example.org