Did you know that 90% of modern data breaches now involve a phishing attack?
These attacks usually consist of fake emails designed to look like they’re coming from a brand or institution that you trust (for example Microsoft, a courier company or your bank).
Their goal is to entice you to click through to their fake website and enter your username and password details. This then enables hackers to steal your identity, breach your systems, and more.
Unfortunately, there’s no single silver bullet to avoid these attack – you need to implement a range of strategies to stop phishing from occurring. Here’s our list of 5 important strategies we recommend you implement:
#1 Education
When it comes to preventing phishing attacks, end users are your first line of defence. Unfortunately, they are also often your weakest link. Today’s cyber-criminals target managers and employees to infiltrate, counting on their ability to exploit human curiosity, distraction and error. Many employees are totally unprepared to identify suspicious or malicious web content, putting themselves and the companies they represent at risk.
Plus, for higher-value hacks, criminals put in greater effort to socially engineer the employee and abuse their trust. Senior executives with higher-level corporate permissions and access are often targeted in these types of campaigns – in fact these are now known as “whaling attacks”.
NetCare recommends Security Awareness Training (SAT) to provide effective cyber-security education that is both timely and relevant to the employee. Through a continuous training approach, our courses are designed to modify risky user behaviours that can put the network in jeopardy. NetCare SAT (powered by Webroot) is available now via monthly subscription of only $2 per user per month.
An action we recommend you take right now is to download our infographic entitled “5 Quick Ways to Spot a Hoax” and share it immediately with your staff.
#2 Office 365 Advanced Email Threat Protection
New malware campaigns are being launched every day, and Office 365 has a solution to help protect your email, files, and online storage against them.
Office 365 Advanced Threat Protection (ATP) can help protect your mailboxes, files, online storage, and applications against new, sophisticated attacks in real time. It offers protection in Outlook, Word, Excel, PowerPoint, Visio, Teams, SharePoint Online, and OneDrive for Business. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
NetCare recommends that all businesses using Office 365 add ATP to their monthly subscription for a cost of $2.86 per user per month. Initiating and customizing ATP for your business requirements by a member of our professional services team will take about two hours.
#3 Office 365 Secure Score
Using Microsoft Secure Score helps increase your organization’s security by encouraging you to use the newly added built-in security features in Office 365. Secure Score analyses your Office 365 organization’s security based on your regular activities and security settings and assigns a score. Think of it as a credit score for security.
NetCare recommends a review by one of our Professional Services team on a regular basis to ensure your Secure Score remains high - the average Secure Score in Australia is 30 - our minimum recommendation is 150!
#4 Identity and access management in the cloud
NetCare recommends integrating your on-premise servers and users with Azure Active Directory to provide a wide range of security enhancements including conditional access based on device and location, as well as multi-factor authentication.
We use the Microsoft Azure Premium P1 plan ourselves and there’s also the higher priced Premium P2 plan for clients that require the highest level of identity and access management across their cloud-based applications.
#5 Dark Web Monitoring
The Dark Web is the underbelly of the Internet; consisting of a network of websites which are hidden from your typical internet user and inaccessible via mainstream search engines. Digital credentials that have been phished are commonly sold on the Dark Web, with the buyers then using those usernames and passwords to attempt accessing a range of websites including the Office 365 portal.
NetCare recommends our Dark Web monitoring service, powered by ID Agent, to protect your business from this occurring. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your domain name, and notifies us immediately when these critical assets are compromised. NetCare Dark Web Monitoring is available for $150 per domain per month.
NetCare is Ready to Assist in Avoiding Phishing Attacks
Unfortunately, phishing and whaling attacks are on the increase and collectively we need to take more precautions than was previously required. Our professional services team are ready to assist with a review of your cyber security requirements and also to implement the strategies that you decide are appropriate for your business requirements.
To fast-track your review, feel free to contact the IT security experts at NetCare.