4 steps to fight spear-phishing attacks on your organisation in 2019


Spear phishing campaigns are still hackers’ most-used attack vector in 2019, with over 90% of successful data breaches occurring as a result of a spear-phishing attack.

Without proper protocols and security measures in place, a targeted attack could spell disaster for your organisation, and with the holiday season approaching fast, the timing could hardly be worse.

At Phishing Tackle, we believe that user knowledge is one of the greatest enemies to hackers and social engineers.

Here are our 4 steps to help you stay safer this winter and keep you and your organisation breach-free.

Four steps to fight spear phishers

1 – Be mindful of your online footprint

  • When browsing the web and (especially) social media sites, be very mindful of how much personal information you and your colleagues leave for others to see.
  • Try to think outside the box here:
    • Check uploaded photos for accidental inclusion of identification documents, home addresses, credit cards or anything that could be used to build a profile of you.
    • Don’t enter personal details into websites that don’t appear genuine.
    • Always check that a website uses HTTPS before entering payment or personal details. This is no guarantee the site is genuine (phishing sites routinely obtain valid certificates for their own domains), but it does mean the data is encrypted in transit between you and whichever server holds the certificate for that domain.
    • Avoid entering more detail than necessary on online forms: if a field isn’t absolutely required, why give it up?

2 – Always use different passwords

  • Remember that if you re-use a password across many sites, it only takes one site getting hacked for the malicious actor to have access to all your other accounts.
  • Use a password manager, or a passphrase made of several randomly chosen words. A long random passphrase is easy to remember and hard to guess, as the XKCD comic below illustrated many years ago:
[XKCD comic: passwords built from “complex” substitutions are easy for computers to guess and hard for humans to remember, while a random multi-word passphrase is the reverse. Courtesy of XKCD.]
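To put numbers on the comic’s point, here is an added example (not code from the original article) that generates a passphrase with a cryptographically secure random source and computes the entropy of passphrases versus random character strings. The eight-word list in the code is a constructed stand-in; a real generator would draw from a published list such as the EFF long wordlist, whose size (7776 words) is assumed below for the entropy figures. The guess rate used for the brute-force estimate is likewise an assumption.

```python
"""Added example: passphrase generation and entropy arithmetic.

Not part of the original article. The tiny WORDLIST is constructed for
illustration; EFF_LONG_WORDLIST_SIZE assumes the EFF long wordlist (7776
words, one per five dice rolls). Human-chosen "complex" passwords are far
from uniformly random, so the character-string figures below are an upper
bound that real passwords rarely reach.
"""
import math
import secrets

# Constructed toy wordlist; each word here contributes only log2(8) = 3 bits.
WORDLIST = ["correct", "horse", "battery", "staple", "cloud", "anchor", "lemon", "river"]
EFF_LONG_WORDLIST_SIZE = 7776  # assumption: size of the EFF long wordlist
PRINTABLE_ASCII = 94           # letters, digits and symbols on a US keyboard


def passphrase_entropy_bits(num_words: int, list_size: int = EFF_LONG_WORDLIST_SIZE) -> float:
    """Entropy of num_words words chosen uniformly, with replacement, from list_size."""
    return num_words * math.log2(list_size)


def random_string_entropy_bits(length: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Entropy of a string of `length` characters chosen uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def generate_passphrase(num_words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Pick words with the secrets module (CSPRNG); never use random.choice for credentials."""
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to search the whole keyspace at an assumed offline guess rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase())
    for words in (4, 6):
        bits = passphrase_entropy_bits(words)
        print(f"{words} EFF words: {bits:.1f} bits, "
              f"{years_to_exhaust(bits):.3g} years at 1e10 guesses/s")
    print(f"8 random printable chars: {random_string_entropy_bits(8):.1f} bits")
```

Four words from a 7776-word list give about 52 bits, comparable to eight truly random printable characters but far easier to remember; six words give about 78 bits, which is why six is the usual recommendation where an attacker may be able to guess offline against a stolen hash.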

3 – Implement a strong data protection program

Data protection programs are essential for any organisation, regardless of size. They help your organisation minimise its sensitive data footprint and build a security-first mindset among your colleagues. Data security specialist Spirion has simple yet effective guidelines which are still relevant today.

4 – Security Awareness Training & Simulated Phishing

Organisations invest heavily in complex security hardware, which in turn needs well-trained staff to configure correctly. Yet even with all this technology, approximately 15% of phishing emails, and spear-phishing emails in particular, still find their way into a user’s inbox.

At this stage, your organisation’s security depends entirely on that user’s training and ability to spot a malicious email.

A well-trained user will simply report or delete the email as per the organisation’s security policy.

A less well-trained employee may not notice anything wrong with the message and will click a link in it, reply to it, or open a small attachment: a simple mistake that cost mid-size firms an average of £1.3 million per breach in 2019.
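The signs a trained user looks for in a spear-phishing email (a lookalike sender domain, replies diverted to a different address, pressure language) can also be checked mechanically. The following is an added example, not code from the original article or from Phishing Tackle, that runs a handful of such header and body heuristics over a constructed sample message. The organisation domain, the sample emails and the list of pressure phrases are all assumptions for illustration; these checks are a triage aid, not a replacement for gateway controls such as SPF, DKIM and DMARC.

```python
"""Added example: simple spear-phishing indicators over a constructed message.

Not part of the original article. OUR_DOMAIN, the sample messages and the
pressure-word list are constructed for illustration only.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

OUR_DOMAIN = "example-corp.com"  # assumption: the organisation's own mail domain

# Constructed sample: display name impersonates the CEO, the sender domain is a
# lookalike (digit 1 for letter l), replies go elsewhere, and the text applies pressure.
SUSPICIOUS_EMAIL = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e-corp.com>
Reply-To: payments-desk@mail-relay.example.net
To: accounts@example-corp.com
Subject: Urgent wire transfer before end of day
Content-Type: text/plain; charset="utf-8"

Hi, I'm in a meeting and can't talk. Please process the attached invoice
immediately and confirm by reply. Keep this confidential for now.
"""

# Constructed benign sample for comparison.
BENIGN_EMAIL = """\
From: "Sam Smith" <sam.smith@example-corp.com>
To: accounts@example-corp.com
Subject: Lunch menu for Friday
Content-Type: text/plain; charset="utf-8"

Hi all, the menu for Friday is attached. Let me know if you have allergies.
"""

PRESSURE_WORDS = ("urgent", "immediately", "end of day", "confidential", "wire transfer")


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def fold_homoglyphs(domain: str) -> str:
    """Crude normalisation of common lookalike tricks (0/o, 1/l, rn/m)."""
    return domain.lower().translate(str.maketrans("01", "ol")).replace("rn", "m")


def is_lookalike(domain: str, ours: str) -> bool:
    """True if the domain is not ours but looks like ours after folding."""
    return domain != ours and fold_homoglyphs(domain) == fold_homoglyphs(ours)


def phishing_indicators(raw: str, our_domain: str = OUR_DOMAIN) -> list[str]:
    """Return human-readable findings for a raw RFC 5322 message; empty means no hits."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)

    if from_dom and is_lookalike(from_dom, our_domain):
        findings.append(f"sender domain {from_dom!r} is a lookalike of {our_domain!r}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # A display name that itself contains an address at another domain is a classic trick.
    embedded = re.search(r"[\w.+-]+@([\w-]+\.[\w.-]+)", from_name)
    if embedded and embedded.group(1).lower() != from_dom:
        findings.append(f"display name embeds address at {embedded.group(1)!r}")

    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    subject = (msg.get("Subject", "") or "").lower()
    hits = [w for w in PRESSURE_WORDS if w in text or w in subject]
    if len(hits) >= 2:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

None of these checks is conclusive on its own (a legitimate mailing service will often set a different Reply-To, for instance), which is exactly why the user’s judgement, and a low-friction way to report, matter.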

Security Awareness Training is by far the most cost-effective and efficient method of strengthening your human firewall and reducing your cyber threat surface. Check out our cost calculator and compare that to the price of a successful data breach…

Your staff are your first and last line of defence; it is up to you to make sure they know how to defend themselves and your organisation.