by Karen Stern
Is your small business protected from the most prevalent form of social engineering—email phishing?
Although there are a number of different types of social engineering attacks, phishing was again the top variety, found in over 90 percent of both incidents and breaches, according to the 2017 Verizon Data Breach Investigations Report. The report also noted that 95 percent of phishing attacks that led to a breach were followed by some form of software installation. The act of manipulating people into disclosing sensitive data continues to be on the rise, and it’s important for organizations of all sizes to lay the groundwork for prevention and detection.
Below are the areas of focus to prepare against potential phishing attacks:
Prevention:
• Educate users on the signs of phishing emails and where to report them.
• Isolate systems so the malware cannot spread.
• Consider including “[External],” “[E]” or “[Not from the CEO!]” in the subject line for incoming outside emails.
• Create an internal process that includes some form of communication other than email, particularly for large wire transfer requests.
Detection:
• Develop an incident response plan to identify, contain, notify about and resolve the incident.
• Expire credentials that may have been compromised.
• Understand where infected users have system access.
• Work with your financial institution to block and alert about irregular activity such as large transfers of funds.
To learn more about email phishing trends and to get other independent advice, contact Bill Gogel at bgogel@bswllc.com or 314-983-1363.
Karen Stern, CPA, (kstern@bswllc.com), partner in charge, Brown Smith Wallace Entrepreneurial Services Group, provides tax and accounting services for companies ranging from start-ups to $20 million in revenue.
Submitted 6 years 234 days ago