I am sure you’ll agree with me when I say phishing emails are almost a daily occurrence in your inbox. In this article, you will find out the most important IT security measure you can implement for your business to help protect against a successful phishing email campaign.
Best of all, this security feature is free with most popular email providers like Office 365 and Google’s G-Suite.
Let’s first break down the consequence of a successful phishing email. Most of these emails are looking for one thing.
Your login details.
There’s a reason for this: once a would-be hacker has your login details, they’ll do a number of things inside your email account. More than likely they’ll implement an email rule that forwards all incoming and outgoing emails to a proxy account. They monitor this proxy account so they can intercept emails about financial matters. The purpose is simple: they can change the bank account details in an email, so that instead of going to the intended account, the money goes to theirs.
This is a very sneaky attack that I’ve seen implemented a number of times.
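A defender can look for the forwarding rule described above in mailbox audit records. The following is an added example, not code from this article: it assumes the records are exported one JSON object per line with Operation, UserId and a Parameters list of name/value pairs (the shape Exchange Online audit records use), and every address and domain in the sample is constructed.

```python
import json

# Rule and mailbox parameters that send copies of mail to another address.
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"}
# Operations that create or change an inbox rule or mailbox-level forwarding.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

def external_forwards(records, internal_domains):
    """Return (user, operation, address) for each forward to an outside domain."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in FORWARD_PARAMS:
                continue
            # A value may list several recipients separated by ';' and may
            # carry an "smtp:" prefix.
            for addr in str(param.get("Value") or "").split(";"):
                addr = addr.strip().lower()
                if addr.startswith("smtp:"):
                    addr = addr[5:]
                if "@" not in addr:
                    continue
                # Exact match only: an unlisted subdomain counts as external.
                if addr.rsplit("@", 1)[1] not in internal:
                    findings.append((rec.get("UserId"), rec["Operation"], addr))
    return findings

def load(text):
    """Parse JSON-lines text into a list of audit records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

# Constructed sample records, not real log data.
SAMPLE_LOG = """\
{"Operation": "New-InboxRule", "UserId": "accounts@example.com", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "smtp:collector@mail.example.net"}]}
{"Operation": "New-InboxRule", "UserId": "sales@example.com", "Parameters": [{"Name": "Name", "Value": "To team"}, {"Name": "ForwardTo", "Value": "team@example.com"}]}
{"Operation": "Set-Mailbox", "UserId": "director@example.com", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@example.org"}, {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}
{"Operation": "MailItemsAccessed", "UserId": "sales@example.com", "Parameters": []}
"""

if __name__ == "__main__":
    for user, op, addr in external_forwards(load(SAMPLE_LOG), {"example.com"}):
        print(f"{user}: {op} forwards to external address {addr}")
```

Pass every mail domain your business owns as `internal_domains`; anything left in the findings is a rule to review with the mailbox owner.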
The other thing these hackers will do with your account is use it to send phishing emails to your contact list. This helps bypass many of the anti-phishing mechanisms most IT and email providers implement.
So how do we stop the phishing attacks from happening?
Enable Two-Factor Authentication
It’s fairly simple, to be honest: enable two-factor authentication. This is also known as multi-factor authentication.
We have written about this topic before: How To Secure Your Companies IT Like A Boss. The reason we are repeating it is that it’s the number one way to stop attackers in their tracks.
If all businesses started using two-factor authentication (2FA), it would drastically cut down on the volume of phishing emails. That’s because 2FA stops most automated phishing attacks in their tracks. Here’s a list of the most common services that are regularly spoofed by automatic email phishing attempts:
- Office 365 SharePoint
- Google Docs
- Apple and iTunes
You can access an extensive list of all service providers that support this security measure by following our sign-up process below. It’s worth getting your staff to check this list. All of these services offer two-factor authentication as part of their service at no additional charge.
If you or your staff use any of these services it’s high time you started implementing two-factor authentication on all accounts associated with them. This basic advice could save your business considerable time and money if any of your staff fall victim to clicking a link and entering credentials.
If you would like a full IT security remediation of your staff’s online accounts and internal network, then please leave a comment or click here to contact us for further details.