The most important IT security measure you can implement for your business.
I’m sure you’ll agree with me when I say phishing emails are almost a daily occurrence in your inbox.
In this article you will find out the most important IT security measure you can implement for your business to help protect against a successful phishing email campaign.
Best of all this security feature is free with most popular email providers like Office 365 and Google’s G-Suite.
Let’s first break down the consequence of a successful phishing email. Most of these emails are looking for one thing.
Your login details.
There’s a reason for this – once a would be hacker has your login details they’ll do a number of things inside your email account.
More than likely they’ll implement an email rule that will forward all incoming and out going emails to a proxy account. This proxy account is monitored by them where they can intercept emails to do with financials.
The purpose of this is simple – so they can change the bank account details in an email. Instead of transferring money to the intended account it goes to their account.
This is a very sneaky attack that I’ve seen implemented a number of times.
The other item these hackers will do with your account is start using it to send phishing emails to your contact list. This help bypass many of the anti-phishing mechanisms most IT and email providers implement.
So how do we stop the phishing attacks from happening?
It’s fairly simple, enable two factor authentication. This is also known as multi factor authentication.
We’ve written about this topic before and the reason we’re repeating it is because it’s the number one way to stop attackers in their tracks.
If all businesses started using two factor authentication (2FA) it would drastically cut down on the volume of phishing emails. That’s because with 2FA implemented there’s it stops most automated phishing attacks in their tracks.
Here’s a list of the most common services that are regularly spoofed by automatic email phishing attempts:
- Office 365 SharePoint
- Google Docs
All of these services offer two factor authentication as part of their service at no additional charge.
If you or your staff use any of these services it’s high time you started implementing two factor authentication on all accounts associated with them.
This basic advice could save your business considerable time and money if any of your staff fall victim to clicking a link and entering credentials.
If you would like a full IT security remediation of your staff’s online accounts and internal network leave a comment or click here for further details.