Those links, buttons, and attachments in emails look tempting to just about anyone. They beg to be clicked so you can unravel the mystery of where they will whisk you off to next, or find out what information that attachment may contain. Phishing plays on this curiosity and on our propensity to click on links even when we know it might not be the best thing to do. According to the latest 2017 Data Breach Investigations Report by Verizon, phishing accounted for 93% of social engineering attacks. Thus email is one of those communication mediums that technically should be given the least amount of “trust”. However, because it is one of the most universal options for business communication, we have to deal with its many faults and flaws.
Changing behavior is never easy
Humans are creatures of habit, and breaking habits or behaviors is extremely difficult. This we know. However, when it comes to clicking on links in email, there are a few approaches that will help to curb its prevalence.
Creating a culture of awareness
Awareness of threats must be ingrained into every employee, whether they are the CEO, a salesperson, or the receptionist. Every individual matters when it comes to helping to stop threats such as phishing. The idea is not to instill fear, but to ingrain knowledge of the potential dangers of clicking on a bad link, downloading a malicious attachment, or entering credentials on a phishing website, so employees can make informed decisions.
Think before the click
Where is this link actually going to take me? Do I even need to click on it, or can I go to the organization's website directly by typing in the URL or using Google to search for it? I wonder why I even received this email? Perhaps I should check with IT to see if this email is legitimate? I hovered over the link to reveal where it goes, but is that enough to protect myself?
Taking just a few seconds to stop and think is the most important step. Email is potentially dangerous, so one must always be vigilant, even if a message is from someone you know: perhaps their email account was compromised, and that is why they sent you that odd-looking link. When in doubt, forgo the click or attachment download.
VP of Tech Ops @ InteProIQ