Phishing scams continue to be a problem for organizations of all sizes. A single unaware employee can cause an entire business to shut down for days, simply by falling for a phishing scam. Once a cybercriminal gets access to your network, they can exploit your data, steal information or even lock you out of your own systems. Phishing is serious business for hackers; the average cost of a phishing attack in 2016 was $1.6 million.
Google Docs and Gmail were recently victimized by hackers, who created malware to infiltrate user’s real accounts and send copies of itself via a legitimate looking email. Once the malware got into a system, it could replicate itself and forward itself to everyone on the victim’s contact list. Entire organizations were threatened and Google took an unprecedented step of warning users about this specific phishing attempt.
Google’s Anti-Phishing Tools took additional steps this spring to halt the spread of phishing. In most versions of this scam, hackers send emails that tempt users into clicking links or opening attachments. Once the victim does so, the malware is delivered to their network and where it can continue to spread on its own. Almost all phishing attempts in 2016 contained ransomware, which would lock users out of their own accounts and systems until a ransom was paid. Businesses of all sizes, schools and even healthcare facilities have been impacted and the FBI has warned that ransomware is a rapidly growing threat. Understanding what phishing is and how it works can help you avoid an outbreak in your own organization.
What Google’s Anti-Phishing Tools Mean for You
Google engineers worked to create an early phishing detection system that uses algorithms to identify suspicious emails. Once identified, the suspect email is further analyzed using a safe browsing test; this delays delivery by only a few minutes and enhances security. So far, the algorithm uses machine learning to quickly identify spam and phishing patterns; according to Google, up to 70% of the email that passes through Gmail each day is spam, making the new tools a much-needed upgrade for security conscious users.
In addition to the updated and more comprehensive algorithm, Google has incorporated click time warnings to further cut user risk. An unintended external reply warning has also been implemented; this alert is intended to reduce risk by identifying new or different external email addresses or addresses not already in the user’s contact list.
Anti-Phishing Tools are Helpful, but Don’t Replace Traditional Security
While Google’s recent steps can help keep your organization safe, their newly developed tools are designed to enhance your security suite, not replace it. Keep all malware and other protective features in place to ensure your network stays secure.
Anti-phishing training is an essential security component for any organization. Every employee in your business needs to be able to spot and identify suspicious emails, links and attachments and they need to know what to do if they encounter what looks like a phishing attempt. When employees can access your network via workstations, laptops, mobile devices and smartphones, your entire network is in their hands. They need to be capable of detecting threats if you want to keep your business safe and prevent costly downtime.
Regularly backing up your systems and creating a recovery plan can also help you reduce your risk; when you have a recent point to restore to, you can recover quickly, even if you do fall victim to a hacker.
What Can You Do?
Global Learning Systems Helps You Protect your Business
Every year, there are more cybercriminals and more methods being developed to exploit your systems. By empowering your employees with our anti-phishing training, you can be sure that they won’t fall for these increasingly common scams. Contact us to learn how easy it is to educate your entire team and to protect your business from the cybercriminals who wish to harm you. We’re here to give your team the skills they need and to give you peace of mind about your data and network.