Common Mistakes Companies Make That Increase Phishing Risk

No matter how much we try to get rid of phishing, it’s one danger that just won’t go away.

In 2020, 57% of surveyed companies were victims of a successful email-based phishing attack, and in 2021, that number increased to 83%.

Are companies getting worse at fending off phishing or is phishing becoming more sophisticated? It’s a combination of both. Often some of the most devastating attacks happen due to a lack of basic cybersecurity best practices, and as phishing becomes more targeted and harder to detect, companies lag further behind the attackers.

Business email is the main method of communication in most offices and the biggest risk to company wellbeing. That’s because phishing remains the #1 delivery method for all types of attacks, from credential theft to ransomware.

Hackers use phishing to bypass digital systems and go straight to users, whom they trick into opening infected attachments or visiting a dangerous phishing site from a link.

Often company leaders are contributing to the risk their organization will fall victim to a phishing attack without even realizing it.

Are You Making Any of These Phishing Mistakes?

No business owner or manager wants to do things that will put their company at a higher risk of a data breach or malware infection. But these mistakes often come from complacency or simply being unaware.

If you recognize any of these in your own business, it’s time to make some adjustments to improve your security situation before you become a cybercriminal’s next victim.

Not Providing Thorough Enough Phishing Training

How well are you training your team on how to identify and deal with phishing? How often do you conduct phishing training?

If you’re doing once-a-year training in the form of a 1-hour session that covers all the common email phishing detection topics, then it’s not enough.

In order to build a culture of cybersecurity and keep your team sharp on their phishing detection skills, it takes ongoing training in different forms. This doesn’t mean you have to hold long company meetings on cybersecurity each month; it just means having a well-rounded training strategy.

Some of the ways you can incorporate ongoing phishing training include:

Also ensure you’re including a variety of topics, not only the basics of phishing detection like hovering over links or checking the sender. While these are important, there is other material that can also help protect your team.

For example, the top keywords used in phishing emails:

  • Urgent
  • Request
  • Important
  • Payment
  • Attention
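As an added illustration (not code from the original article), the three manual checks it mentions, the keywords above, checking the sender and hovering over links, written as a small Python heuristic and run over a constructed sample email; the bank name, domains and addresses in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# The five subject-line keywords the article lists as most common in phishing.
PHISHING_KEYWORDS = ("urgent", "request", "important", "payment", "attention")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample message for the demo; the bank, domains and addresses are made up.
SAMPLE = """From: Example Bank Alerts <alerts@examplebank.com>
Reply-To: support@examplebank-verify.net
Subject: URGENT: payment attention required on your account
Content-Type: text/html

<p>Please log in now at
<a href="http://examplebank-verify.net/login">www.examplebank.com</a></p>
"""

def sender_domain(header_value):
    """Domain of an address header such as 'Bank <a@example.com>', or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def phishing_indicators(raw_message):
    """Automate the three manual checks the article mentions and return the
    indicators found: subject keywords, Reply-To vs From domain (checking the
    sender) and visible link text vs real href host (what hovering reveals)."""
    msg = message_from_string(raw_message)
    indicators = []
    subject = (msg.get("Subject") or "").lower()
    hits = [k for k in PHISHING_KEYWORDS if k in subject]
    if hits:
        indicators.append("subject keywords: " + ", ".join(hits))
    from_dom, reply_dom = sender_domain(msg.get("From")), sender_domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, text in ANCHOR_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = HOST_RE.search(re.sub(r"<[^>]+>", "", text))  # host the user sees
        if shown and shown.group(1).lower() != href_host:
            indicators.append(f"link text shows {shown.group(1)} but points to {href_host}")
    return indicators

if __name__ == "__main__":
    for line in phishing_indicators(SAMPLE):
        print("-", line)
```

A real mail gateway does far more than this, but the three checks are exactly the ones staff are asked to do by eye, so the script doubles as a training aid.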

Forwarding Phishing Emails to Other Staff

If you’re a manager or “boss” and you forward an email to an employee without really looking at it, you could increase the risk of them clicking on a phishing email.

For example, say you get an email that looks to be from your bank about an account problem with online banking. You don’t have time to look at it right now to even see if it’s legitimate, so you forward it to your office manager.

That office manager will now see that as a directive and will probably not give that email the type of scrutiny it needs. This could lead to them clicking a link and logging into a spoofed site and handing over the password to your company’s online banking.

Be aware of the emails you’re forwarding. If you receive something strange that you want someone else to deal with, at the very least tell them to check it, or have your IT provider check it for potential phishing.

Not Addressing Phishing via Text Message

Another mistake is only addressing email phishing with employees when training them and not bringing up the growth of phishing via text message, aka “smishing.”

Smishing is becoming more dangerous because most people aren’t yet looking for it. Scammers can easily buy mobile numbers online and then send text messages that offer a free gift or masquerade as a shipping alert.

In 2020, smishing attacks jumped by 328%. Make sure you incorporate training to help employees be aware of and avoid text-based phishing.

Overburdening Your Staff

When people are stressed and overburdened with work, they tend to make more mistakes. They don’t have time to take a step back to investigate an email before reacting. They can also easily be tricked because they’re worn down from the workday.

Keep the detriment of overwork in mind when tasking your staff, and remember that cybersecurity can suffer when employees are stressed out.

Set Up a Phishing Training Strategy for Your Team

The payoff in reduced risk is huge when your team is properly trained to identify phishing and other IT security threats. Quantum PC Services can help! We’ll assist your Sturgeon Bay area business with an employee security training strategy that encourages a culture of cybersecurity.

Contact us today to learn more! Call 920-256-1214 or reach us online.