Phishing attacks target organizations of all sizes
Phishing attacks are a growing risk for companies of all sizes. Organizations from small family-run businesses to the largest corporations regularly fall victim to phishing attacks. All it takes is for one employee to click on the wrong link or open an infected file, and attackers have an open door to the company’s network.
Last year, phishing attacks reached an all-time high, and we expect to see the number of phishing attacks grow even more quickly this year. Both random “spray-and-pray” attacks and targeted spear phishing attacks are popular with online criminals for a simple reason: they work.
Email is the key communication tool for most companies, and many employees spend the majority of their workday in their email inbox. Employees—and executives—are busy, and, being human, they’re prone to fall for the psychologically sophisticated temptations deployed by criminals.
What can you do?
To combat phishing, employee education is necessary, but not always sufficient. Companies must also invest in filtering to stop phishing messages reaching their employees, and to stop their networks being used as a source of spam phishing emails. Phishing targets an organization’s weak links: no matter how advanced a company’s firewalls and malware scanning tools, if a phishing email gets through and an inattentive employee is tricked, the attacker gains a victory. Employees need to be suspicious of email and know how to spot potential phishing attacks.
However, an anti-phishing policy that puts too much of a burden on employee vigilance is bound to fail. Even the best-trained employees can make a mistake when all their attention is focused on being productive. There is plenty of evidence that people who should know better—even technical experts who fully understand the risks—can suffer from lapses in judgement and attention. Punishing employees who cause a security breach by falling for a phishing email isn’t much more effective. Even the most motivated employee can be tricked by a sophisticated and convincing attack.
Filtering email for spam
The optimal approach is a defense-in-depth policy that educates employees while simultaneously limiting the number of phishing emails that reach their inboxes. In addition to protecting their networks from incoming phishing attacks, companies have a responsibility to ensure they aren’t also being abused to send phishing emails. Spammers use compromised servers and hosting, email, and content management system accounts to send phishing spam. Compromised networks that send spam will almost certainly be blocklisted by email providers, decimating the company’s ability to send email.
Smart reactive filtering for both incoming and outgoing email can help mitigate the risk that phishing poses to a company’s private data and its ability to have email delivered. Before email crosses the border between the internet and your network, it should be scanned for the tell-tale signatures of spam or a phishing attack.
How we can help
MailChannels Cloud is an SMTP relay service that is designed to protect your business from potentially harmful email. We scan email that leaves your network to ensure that any compromise in the system is caught and blocked, ensuring your IP stays reputable and reducing headaches for your IT team.
Read more about what we do and how our email security experts can help your organization.
*This post was updated in April 2018