Email communication is a cornerstone of modern business. Ironically, 85% of emails sent aren’t communications at all. Spam is a disease infecting most modern communication channels. While some spam is harmless, other messages, like phishing, are dangerous attacks. Phishing is the act of sending fraudulent emails in order to steal personal information. While phishing can wear many disguises, the intent is always the same.
It doesn’t stop there. Phishing is often the opening move in a more complicated cyber attack. More than half of all phishing emails contain malware. 184 million ransomware attacks (cyber attacks meant to extract ransom from the victim) happen every year, and the number is only rising. Thanks to the globalized nature of the digital landscape and the difficulty of prosecuting cyber criminals, cybercrime grows only more rampant as time goes on.
Anyone can be a victim of cybercrime. Even large businesses. Earlier this year, a ransomware cyber attack crippled Colonial Pipeline’s supply line, causing a massive gas panic in the United States. Meat giant JBS saw ⅕ of their production halted when integrated ransomware locked down their digital systems. Clearly, company size and resources are no guarantee against cybercrime.
Yet while size and resources may not prevent cybercrime, they could help determine who recovers from a successful cyber attack. The majority of small businesses close permanently within 6 months of a phishing attack. The initial attack is rarely the main issue. It can take between 2 and 6 weeks for small businesses to purge ransomware from their systems. Many cannot operate normally during this time. Furthermore, cyberattacks are poison to customer retention. Customers must be notified of any breach threatening their personal data. As many as 70% of customers end their relationship with a business after it fails to keep their data safe. Lost operating time and customer attrition do more to hurt a small business than the initial cyber attack ever could.
What can companies of all sizes do to better defend themselves? One good consideration is data protection. Only 5% of companies have protected documents and folders. A majority of companies have over 1,000 sensitive files available to all their workers. If one worker falls prey to a phishing email, it’s over for the whole company.
Companies should also want their employees to know how to spot a phishing scheme. 85% of scams need human error to succeed. Establishing a regular cybersecurity training program can reduce the chances an employee will be fooled by phishing emails. Every suspicious link not clicked is a crisis averted on the company’s end. Having employees keep their eyes out for security discrepancies can also save companies from disaster. Over half of attacks are too advanced for regular protection programs, and most businesses don’t keep IT workers in-house.
Additionally, companies ought to verify all their invoices and payments. 54% of attacks involve credential harvesting, which can be used to commit invoice fraud against a company. If a company catches suspicious payments before they spiral out of control, they can keep their company from being robbed blind.
Finally, investing in email security programs is worth the cost. 43% of small businesses decline to use a cybersecurity plan at their own peril. Meanwhile, advancements in AI are leading to 50% more attacks being blocked from human inboxes. The best system lets only 5.1 malicious emails through for every 100,000 messages received. The best defense is the one that acts before problems have the potential to arise.
Phishing email awareness begins with you.