TOP 5 THINGS TO KNOW IF YOU ARE CONSIDERING GETTING CYBER INSURANCE

As cyber attacks continue to increase in number and sophistication, more and more companies are purchasing cyber insurance. If you are considering getting this type of policy for your business, here are five things to keep in mind.
Discovering that a hacker just conned your business out of a large amount of money is probably one of your worst nightmares. For one organization, this nightmare came true. In December 2018, the Connecticut-based Save the Children Federation revealed that it fell victim to a business email compromise (BEC) scam the year before. The charity unwittingly transferred nearly $1 million to the hackers’ account.

Fortunately, the charity had cyber insurance, which covered most of the stolen money. The charity ended up losing only $112,000.

With BEC scams and other types of cyber attacks increasing in number and sophistication, more and more organizations are turning to cyber insurance to mitigate the risks and offset the costs of cyber attacks and other Internet- and IT-related liabilities. In the United States alone, the market is expected to grow from $2 billion to $15 billion in the next decade.

If you are considering purchasing cyber insurance for your business, here are five things to keep in mind:

  1. Cyber Insurance Is Continually Evolving

Cyber insurance is not new. Its roots are in errors and omissions (E&O) insurance policies. Around 20 years ago, add-ons were attached to tech companies’ E&O policies. These add-ons covered incidents such as a tech company’s software program bringing down another company’s network. Eventually, the add-ons evolved into separate policies that covered a lot more types of incidents (e.g., data breaches). As the kinds of coverages increased, so did the interest in these policies by companies outside the tech industry.

Nowadays, there are many different types of cyber insurance policies being purchased by many different kinds of businesses. And as the Internet, cyber crime, and IT systems evolve in the future, so too will the cyber insurance policies.

  2. Comparing Policies Can Be Challenging

Cyber insurance policies can be hard to compare because there is no set standard for underwriting this type of insurance. It is up to each insurance company to decide what it will cover and how to market that coverage. As a result, you might find that:

  • Some insurance companies simply add cyber insurance extensions to existing insurance policies. Most insurers, though, have separate cyber insurance policies. Stand-alone policies are usually more comprehensive than extensions, according to experts.
  • Some insurance companies put different types of coverages into separate policies. For instance, they might have a policy covering just data breaches and a policy covering cyber liability. In contrast, other companies offer one policy in which they include all their coverages (e.g., one policy covering both data breaches and cyber liability).
  • A few insurance companies offer different cyber insurance policies for different types of organizations. For instance, they might have separate policies for small businesses, tech companies, and public sector entities.
  • As with other types of insurance, the cost of cyber insurance depends on many factors beyond the type of coverage provided. For instance, a business’s gross revenue, industry, and data risks are factored into the cost.

  3. Types of Expenses That Are Commonly Covered

Although there is no standard for underwriting cyber insurance policies, they cover many of the same types of expenses. Insurance companies typically cover cyber incidents caused by both internal actors (e.g., errors and omissions by employees) and external actors (e.g., cyber attacks by hackers). Examples of items usually covered include:

  • Lost revenue due to network downtime or a business interruption resulting from a cyber incident
  • Cyber extortion costs (e.g., ransomware payment)
  • The expenses incurred from a forensics investigation of a cyber attack
  • The costs incurred to restore data and systems after an attack
  • The expenses associated with notifying customers and other parties about a cyber incident
  • The cost of hiring a PR firm to minimize a cyber incident’s impact on a company’s reputation
  • Regulatory fines
  • Defense costs to handle lawsuits levied by individuals or businesses adversely affected by a cyber incident or a lawsuit imposed by a government entity (e.g., a state’s Attorney General)
  • Legal settlements from lawsuits

As this list shows, cyber insurance usually covers expenses incurred by the insured business as well as third parties adversely affected by the cyber incident. This is referred to as first-party coverage and third-party coverage, respectively.

  4. What Is Usually Not Covered

There are some costs and types of incidents that are not typically covered in cyber insurance policies. They include the loss of future revenue due to a cyber incident, costs to improve internal IT systems, bodily injury, and property damage.

In addition, it is important to know that a claim can be denied if a company misrepresents its security measures. Businesses are usually required to fill out an application that includes questions about the security measures they have in place. If a company submits a claim and the insurer can prove that the business did not have the specified security measures in place, the insurer can deny the claim. If California Computer Options, Inc. (CCO) is your Managed IT Service Provider, then all of the paperwork and prerequisites will be handled for you.

  5. Where to Start If You Want to Get Cyber Insurance for Your Business

Before shopping for cyber insurance, experts recommend that you start by identifying the following for your business:

  • The types and sensitivity of the data used in your business
  • The kinds of cyber threats your company faces
  • How susceptible your business’s operations are to a network interruption and how much revenue you would lose every day if a cyber incident brought down your operations
  • Whether your business must adhere to any cyber-related laws or regulations (e.g., European Union’s General Data Protection Regulation, United States’ Health Insurance Portability and Accountability Act) and the cost of noncompliance
  • The contracts you have with suppliers and other business associates and what data they are able to access through joint business operations

With this information, you can get an idea of the types and amount of coverage needed. We can help you gather this information so you can get the best cyber insurance for your business.

Perch Security: Hackers Use Ryuk Ransomware to Collect $640K

Cybercriminals recently used Ryuk ransomware to collect at least $640,000 in Bitcoin from global organizations over a two-week span, according to master MSSP Perch Security.

Perch, backed by ConnectWise and Fishtech Group, develops various monitoring and early warning systems to help channel partners minimize security threats facing their end-customers.

Hackers launched a Ryuk ransomware campaign against global organizations in August, Perch indicated. They used network mapping, network compromise and credential theft in conjunction with Ryuk ransomware to encrypt victims’ PCs and storage and data centers and demanded Bitcoin ransoms.

Ryuk is used “exclusively for tailored attacks,” network and endpoint security software provider Check Point Software Technologies stated. It ensures that crucial assets and resources are infected in a targeted network; meanwhile, cybercriminals carry out the ransomware’s infection and distribution.

During a Ryuk attack, the ransomware sweeps every drive and network across a victim’s system, Check Point said. It then encrypts every system file and directory except for any file or directory that contains text from a hardcoded whitelist.

Cybercriminals have used multiple versions of ransom notes during Ryuk campaigns, according to Check Point. The highest recorded payment to date from a Ryuk attack was 50 Bitcoin (approximately $320,000), and other Ryuk attacks have resulted in ransom payments that range between 15 and 35 Bitcoin (up to $224,000).

How to Address Ryuk Ransomware Attacks

Cybercriminals have already used Ryuk to launch successful ransomware attacks against global organizations. As such, they likely will continue to use Ryuk to deploy ransomware attacks in the foreseeable future.

Perch offered the following recommendations to mitigate Ryuk ransomware attacks:

  • Use an intrusion detection system (IDS) to monitor all network communications.
  • Deploy email filtration technologies to identify malicious email attachments.
  • Leverage file integrity monitoring (FIM) tools to identify downloaded executables related to Ryuk and other ransomware attacks.
  • Use security monitoring tools.
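
The file integrity monitoring recommendation above can be illustrated with a short Python sketch. It is an added example, not code from Perch or the original post: it records a SHA-256 baseline of a directory, then reports added, removed and modified files and flags new or changed files that start with an executable header. The directory contents, file names and function names are constructed for the illustration.

```python
import hashlib
import os
import tempfile

# Magic bytes: Windows PE files start with "MZ", Linux ELF files with 0x7f "ELF".
EXEC_HEADERS = (b"MZ", b"\x7fELF")


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for regular files under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = digest.hexdigest()
    return state


def looks_executable(path):
    """Check the file header rather than the extension, which is easy to fake."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return any(head.startswith(magic) for magic in EXEC_HEADERS)


def compare(root, baseline):
    """Diff the current state of root against a stored baseline."""
    current = snapshot(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    new_executables = sorted(p for p in added + modified
                             if looks_executable(os.path.join(root, p)))
    return {"added": added, "removed": removed,
            "modified": modified, "new_executables": new_executables}


def write_file(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed directory, change it, and return the FIM report."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "report.docx", b"constructed document bytes")
        write_file(root, "notes.txt", b"v1")
        baseline = snapshot(root)

        write_file(root, "notes.txt", b"v2")              # ordinary edit
        os.remove(os.path.join(root, "report.docx"))      # file disappears
        # Constructed bytes with a PE-style header; not a real binary.
        write_file(root, "update_helper.exe", b"MZ\x90\x00constructed sample")
        return compare(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline would be stored somewhere the monitored host cannot rewrite, and the comparison would run on a schedule with the `new_executables` list sent to the alerting pipeline.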

The number of ransomware attacks tripled across all industries in 2017, according to artificial intelligence-based advanced threat prevention solutions provider Cylance. However, MSSPs can help organizations identify and address Ryuk and other ransomware attacks.

How Can MSSPs Help Organizations Address Ransomware Attacks?

MSSPs can help organizations address ransomware attacks and other cyber threats in several ways, including:

  • Develop and launch an employee training program. Help an organization develop and launch a cybersecurity training program that teaches its employees how to identify cyber threats and limit their impact.
  • Safeguard critical data against insider threats. Offer data security and identity and access management (IAM) solutions to help an organization protect its sensitive data and manage user access.
  • Provide threat intelligence. Deliver threat intelligence in conjunction with unstructured data from blogs, websites and other relevant sources to help an organization evaluate security incidents. 
  • Implement an incident response plan. Help an organization create and deploy an incident response plan and update this strategy regularly.

MSSPs can help organizations minimize the risks associated with ransomware and other cyber threats. If you would like to protect your organization from ransomware, contact us today.

Original post by: Dan Kobialka

7 Microsoft Outlook Tips and Tricks for Better Email Management

You launch a major project at work, complete a complex task on deadline, or find a solution to an ongoing problem, but none of those accomplishments feel quite as rewarding as that rare moment when your email inbox is empty.

There’s good news: achieving Inbox Zero doesn’t have to be a rare occurrence. Take advantage of these sometimes-overlooked features in Outlook 365 to better organize your emails and start focusing on more important tasks.

1. Move Complex and Non-Critical Emails Into a To-Do Folder

In Outlook 365, you can create a structure of folders for organizing emails. Many people use the folder structure for archiving emails, but folders are also a great way to manage incoming emails as tasks and get them out of your inbox view. We’re going to use these folders to do email triage, organize the messy inbox, and overcome email overload.

To do this, create three new folders under your inbox folder. The first is a “To Do” folder, and the second and third are subfolders called “Follow Up” and “Someday.” These loosely follow the Getting Things Done® or GTD® methodology of organizing tasks.

To create these folders:

  1. Right-click your “Inbox” folder, and select “New Folder.”
  2. Title the first folder “To Do.”
  3. Click the arrow next to the Inbox folder to view your new To-Do folder.
  4. Right-click the To-Do folder, select new folder, and name this folder “Someday.”
  5. Repeat to create a “Follow Up” subfolder under the To-Do folder.

Now you have four folders for incoming emails, and you can use all four to manage your tasks and keep your inbox clear.

When new emails arrive, move them to the appropriate folder:

Inbox – The only emails that stay in your inbox are those that you should answer immediately. They’re either urgent or can be handled quickly (in three minutes or less).

To Do – Drag non-urgent emails and emails that will require more than a three-minute response into your to-do folder. You’ll follow up on these items later, but moving them immediately keeps your inbox empty while you process the emails.

Follow Up – Move emails to this folder that are put on hold. Things like replies you’re waiting to get or tasks that you’ve delegated.

Someday – Some emails don’t require a response. Instead, they’re things you’d like to read or review one day when you have time. Drag those into the someday folder to review at some point in the future when work slows down and you need something to do. This might be the equivalent of an Archive folder, but you can use it for items that you’ll need to quickly access in the next few weeks.

After processing your email, schedule time on your calendar every day to review and handle the items in your to-do folder. This method has three benefits:

First, it keeps your inbox clear, allowing you to achieve inbox zero and avoid getting overwhelmed by a cluttered inbox. New emails that come in at a steady stream don’t get mixed up with existing emails you’ve already read, pushing all the important emails down.

Second, your emails are better organized! You have a set place to go now for emails that need your attention—just as many folders as you need to stay on top of your email, but no more than you need. Instead of creating countless folders (for different projects, clients, or other categories), you have just four to work with.

Third—and perhaps best of all—it allows you to manage your time better throughout the day, focusing on important tasks instead of getting distracted by constant email questions and requests.

2. Use Outlook’s Task List Instead of Clogging Your Inbox

Some emails don’t require an immediate response, but they do need to be handled before the time you have scheduled to review items in your to-do folder. These items can still be moved to your to-do folder so they’re not clogging your inbox, but you’ll want to make sure that you have a reminder to take care of them before a deadline.

Create a reminder by adding these emails to Outlook’s task list:

  1. Drag the email and drop it on Outlook’s task list icon.
  2. Add a due date and set a date and time to receive a reminder. Save the task.

You can now hover your cursor over the task list icon to see a quick view of your task list, organized by due date. Click on the task list icon to open your to-do list and review the respective tasks.

If you set a reminder, the task will pop up like a meeting reminder at the specified time.

Once the task is complete, mark it as such to remove the task from your to-do list. Open the task by double-clicking it, and click the “Mark Complete” button—or just press the Insert key to quickly mark the item complete.

Outlook’s task list is also useful if you’re in the habit of copying yourself on emails as a reminder to follow up, or if you’re emailing someone who is prone to ignoring your requests. Instead of keeping reminders as emails in your inbox, just move them to your to-do folder and add them to your task list.

3. Clean Up Your Inbox in One Click

Taking time off is wonderful until the moment you open your email after returning to work. If you work in an email-heavy company, you may have received hundreds of emails while you were out of the office, and now you’re faced with the difficult task of sorting through each one.

With Outlook’s clean-up function (introduced in Outlook 2010), you can drastically reduce the number of emails you have to deal with in just a few clicks—whether you’re coming back from vacation or you just have too many emails piled up. The clean-up function removes all email replies that are duplicated in a later thread, allowing you to read a single thread instead of dozens of individual emails.

To clean up your inbox quickly:

  1. While viewing your inbox, click the “Clean Up” button, and select “Clean Up Folder.”
  2. Click the “Clean Up Folder” button in the popup to confirm the action.

Outlook will automatically remove all duplicate emails, leaving you with significantly fewer emails to sort through.

The clean-up tool removed 29 duplicate emails from the inbox. If needed, those emails can be accessed in the trash folder.

The clean-up function can be a little disconcerting to use initially. What if it deletes something important like a reply that contained an attachment that was removed in a later thread?

Rest assured: the tool is sophisticated and will not delete any emails with attachments or text that aren’t exactly duplicated in later threads, and you can always review deleted items in the trash folder if needed.

4. Use Rules to Automatically Sort Emails and Stop Receiving Irrelevant Emails

Unfortunately, not all emails in the workplace come with an unsubscribe link. Day after day, emails arrive in your inbox that are just a distraction. Some common examples include:

  • Automatic Notifications: If you’re assigned to a team on one of the platforms you use at work—such as customer relationship management (CRM) software—that platform may send an email every time a change is made in the system.
  • “Fun” Emails: Sometimes a team leader or department will send daily/weekly emails with trivia, memes, or jokes designed to make work feel more fun.
  • Threads You Shouldn’t Have Been Included On: Occasionally, someone will send a mass email that gets dozens of replies—none of which have anything to do with you or your job.

These emails keep you from focusing on your important work. Use Outlook’s rules function to skip the inbox and send those emails straight to the trash—or to another folder for review.

You can also use Outlook rules to automatically sort incoming emails to the appropriate folder, such as always sending emails that are from your boss with a certain subject line to the To-Do folder and emails from a newsletter you regularly read to the Someday folder.

  1. Right-click the email, hover over “Rules,” and select “Create Rule.”
  2. Choose the criteria for the rule:
     • “From [Sender]” will execute the rule any time you receive an email from a specific email address or contact.
     • “Subject contains” will execute the rule any time a specified subject line is used.
  3. Select what happens when the rule runs. To sort emails out of your inbox and into the appropriate folder, check “Move the item to folder,” and select the folder where you want the emails to be sent. You can choose the “Deleted Items” folder if you never want to see them, or you can create a separate archive folder if you may need to review the emails in the future.

Click “OK” to apply the rule.

Want to prevent getting future emails on a specific thread? In that case, instead of creating a rule, you can just use Outlook’s ignore function. Right-click the email, select “Ignore,” and confirm the action.

Ignore automatically sends future replies to that thread to your “Deleted Items” folder so you don’t receive them in your inbox.

5. Create Quick Parts for Default Responses to Common Questions

If you spend a lot of time typing the same answers to questions you get repeatedly, create Quick Parts to insert that text into email replies in just a few clicks. No need to keep typing the same thing over and over again or having to find an old response to copy and paste.

When you’ve finished typing a response that you expect to need to send again, follow the steps below to save the text as a Quick Part:

  1. Highlight the text you want to save in the email, and click the “Insert” tab.
  2. Within the “Insert” menu, click “Quick Parts,” and select “Save Selection to Quick Part Gallery.”
  3. Give your new Quick Part a descriptive name, and click “OK.”

With this Quick Part saved, you can now add that text to any email with just a couple clicks.

With your cursor in the body section of the email, click the “Insert” tab.

Click “Quick Parts,” and then select the Quick Part you want to insert.

The prewritten text will automatically appear in the body of your email, and you can edit and customize it as needed for your new response.

6. Use Quick Steps to Take Instant Action on New Email

If you’ve had success with the previous Outlook tips and are interested in getting into more advanced email management, it’s time to take a look at Quick Steps. Quick Steps allow you to automatically perform long strings of actions based on a trigger.

Say at the end of the month you receive a series of invoices from vendors or contractors. Your normal process is to review the invoices, forward the invoices to your accountant, and create a reminder to follow up with the accountant a week later to make sure the invoices were paid.

Quick Steps can take care of the last two steps for you with fewer clicks than if you performed the tasks manually:

  1. Click the “Create New” button in the Quick Steps section of the Home ribbon.
  2. Give the new Quick Step a descriptive name, and select the first action: “Forward.”
  3. Type your accountant’s email address into the “To” field.
  4. Click the “Add Action” button to select the second action: “Create a task with attachment.”
  5. Click “Finish” to create the Quick Step.

After you review an invoice, you can now execute the Quick Step to forward the email and create a reminder task. Select an email containing an invoice, and click the appropriate Quick Step in the Home ribbon.

The email forward and task windows will open automatically. Click Send to forward the email, and set a due date and reminder for the task before saving, if you’d like.

There are many different ways to use Quick Steps to speed up email processing. Spend some time thinking about the repetitive actions you take on emails, and set up Quick Steps to make managing your emails so much quicker and almost painless.

Original post by: Jessica Greene, Zapier.com

18 Cool Tips on how to use Office 365

PowerPoint Design

A few years ago, it took time to set up a PowerPoint presentation. You had to pick the layouts, backgrounds, fonts, and transitions. With pre-designed templates, you cut the time spent looking for backgrounds and maximize your content output. Along with customizable templates, there is now a design feature that suggests how to set up your slides after you insert an image. When you insert a picture, a side bar appears to the left with a few options for how it could be laid out. After you select one, your slide changes to reflect your choice.

Morph

Morph is a new transition that allows you to duplicate a slide and move around its components to make it look like they have shifted. This creates a sort of GIF by changing the size, location, and rotation of the objects. Then, when you start playing the slideshow, you’ll be able to see the transition in motion. For example, these pumpkins look like they were thrown up high and are spinning as they fall.

Tell me what you want to do

This helpful new feature can help you find and execute quite a few actions: insert pictures, share the document, insert a chart from Excel, or even print. You’ll find this box next to the Acrobat tab. To use it, just type in simple text and it will bring up suggestions to choose from based on what you’ve typed. For example, if you needed to insert a check box, you would type in and click on “check box” and it will insert it for you. If you’re looking for help on that topic, there is also an option at the bottom that says “Get help on...” that you can get information from.

Bing

Now when inserting pictures or searching, you have the handy option of using Bing. This way you can do everything right in the document instead of opening a separate browser to find your information or pictures. There are two ways to do this: either right-click and select Smart Lookup, or go into the “Tell me what you want to do” box. You can find images, define words, search the web, and explore Wikipedia.

Out with Clutter, in with Focused

Clutter is being retired and replaced with a more efficient Focused Inbox. Already a feature on the mobile version of Outlook, it will soon be available on the desktop version. It works by concentrating what Outlook thinks are your important emails while pushing unimportant emails into an “Other” section, leaving you with a neater inbox with only the important emails you want to see and less junk. It also allows you to schedule messages to disappear from your inbox and appear at a later designated time.

Inked

Now in mobile versions of Office is a new feature called “Ink.” You can choose custom colors from a color wheel and use them to draw on the document using a pen or highlighter. Select the Draw tab from the ribbon, where there are four preset colors and a color wheel. Selecting the color wheel allows you to move the tab around to find a color, allowing for more customizable markups of documents.

The Trinity

Outlook has also added three new plug-ins for use within the Outlook app. Send e-gift cards and schedule meetings at a Starbucks location using the Starbucks plug-in. Use the PayPal plug-in to send money securely to people via email. Or order an Uber ride in association with an event on your calendar, which will send you a reminder to confirm your ride on the day of the event.

Boomerang

Enjoy a calendar assistant that can help you schedule meetings and share your availability directly through Outlook. You can also get reminders to follow up on emails that haven’t received a response and schedule your emails to go out at a later time.

Delve

A part of Microsoft’s business platform, Delve allows you to see what the people around you are working on (granted, you’ll only see what you have permissions to). You can click a coworker’s name to see the list of documents they’ve worked on recently, or get an overview of the documents various people have been working on. It can be a helpful tool for keeping track of people working on specific documents, and since everything is synced to the cloud, you can look at the different versions different people have edited.

Project Management

Use Planner to set up a to-do list for your work group. Set due dates for completion, share files, collaborate, and check the dashboard for the progress of your team. It is a good tool for keeping track of goals or milestones your group has achieved and keeping everyone on track.

Groups

Setting up your team as a group for a specific project will allow you to share a collective space. You’ll be able to share an inbox, a OneDrive folder, and a group on Planner to set up goals and deadlines. This can help with the seamless transfer of information between team members: you won’t have to worry about forwarding an email to all your team members when you get an update regarding a change in your project, because everyone will have access to it.

Take a poll

Using Sway, you can create interactive PowerPoints with pictures and videos galore, which makes them more interactive. By embedding PollEverywhere.com into your presentation, you can also create a poll to engage your viewers and get them to interact with your presentation, which is a great method of keeping their focus on you and keeping them interested in what you are presenting.

GigJam

GigJam is a sharing app for your phone that lets you share temporary snippets of your Office 365 products with others. Whether it is text or a photo, it is a quick and convenient tool if you don’t want to send an entire document.

Collaborating

Instead of having four people work on the same document and then trying to piece it all together when the time comes to combine it, take advantage of Microsoft’s collaborative capabilities. You can have your whole team editing the same document and see the changes happening in real time, which gets rid of the hassle of trying to mix three or more different copies of the document and have it make sense.

Skype and Edit

If you’re using Office 365, then you probably use Skype for Business to communicate with your co-workers. With Office 365 you have two options for how to use the Office products: the desktop app we all know and love, or the online version. Both are acceptable options, though they have different advantages. The online version has an automatic syncing system with your OneDrive folder, while on the desktop version you also have the option of saving to your hard drive (though that’s not recommended). Office 365 has also introduced collaborative editing, which allows you to view in real time what the other person is editing. But you may not know that you can chat directly in the document thanks to a Skype plug-in.

Data maps

A new addition to Excel is a feature that can take the rows of data you have supplied and turn it into a map. It converts everything into images and organizes them into a state or country format based on the information you provide. You can find Power Map under the Insert/Map tab in your Excel document.

Reformat data in a snap

The fill down command, used by hitting Control-D, populates a row based on the information you provide and has helped people who fill out spreadsheets be more productive. Flash Fill, on the other hand, will learn what you’re doing and reformat itself to match it after you click accept. While this isn’t a new feature, it is a convenient tool for those on a Windows computer.

Make the unreadable readable

Scanning a document used to take time and effort. Now Office Lens turns your phone into a portable scanner so you can snapshot and go. You can quickly snap a picture of a receipt or contract, then watch as it’s converted into a PDF and uploaded into your OneDrive folder so you can file it away or email it to the necessary party. Not only that, but it will take illegible whiteboard text and make it legible by enhancing the image, something that could come in handy if you use whiteboards in meetings. Having all of this saved to the cloud means you don’t have to carry all that paper around with you, a very green solution.

8 Best Practices For Protecting Your Email

Here are eight best practices for enhanced email security:

  1. Move up the kill chain.
    Phishing emails need to achieve several milestones in order to be successful. First, they have to be delivered. Second, they need to successfully deceive the user and get them to unwittingly act. Lastly, they must get the user to surrender personal information or download an attachment that contains malware. Many security solutions aim to stop criminals later in the chain, such as at the Click, Surrender, and Extract stages. But the earlier in the kill chain that controls can be inserted, the better the chance that organizations have of preventing their customers from being phished. Implementing a proactive DMARC (Domain-based Message Authentication, Reporting & Conformance) policy can break the chain at Delivery, preventing the message from ever landing in the user’s inbox.
  2. Enable two-factor authentication on all accounts.
    Two-factor authentication (also known as two-step authentication) enhances the security of a user’s login process by requiring the entry of a secure code, which is delivered either by text message to the user’s phone or via a code-generating app such as Google Authenticator. When two-factor authentication is enabled, it is not enough for a hacker to obtain a user’s login name and password; they would also have to be in possession of the user’s mobile device.
  3. Keep informed.
    New phishing scams are developed every day. By staying on top of these new phishing techniques, users are much less likely to fall prey to one. IT administrators should conduct ongoing security awareness training and periodically simulate phishing scams in order to keep security top of mind throughout the organization. Employees who receive suspicious emails should immediately share the technique with co-workers.
  4. Think before you click.
    Before clicking on any link or attachment in an email, it should be routine practice to pause and evaluate whether that link or attachment appears to be legitimate. A phishing email may appear to be from a legitimate company, and the hyperlinks it contains might link to what looks like a legitimate website, but users should always question whether the motivation behind the requested action seems valid. Never click on links in emails that ask you to change your password or otherwise log in to your account. Go directly to the website instead.
  5. Be a helicopter.
    In other words, don’t be afraid to hover. Hovering your cursor over the sender’s name in an email will bring up the sender’s complete email address, including the domain the message is sent from. If the domain seems fishy, chances are the email is fishy.
  6. Don’t be shy—pick up the phone.
    Personal information should never be given in an email and most organizations won’t ask for it. If you receive an email requesting personal or financial information that appears to be legitimate, don’t be afraid to call the sender and confirm that the request is authentic.
  7. Don’t get attacked by attachments.
    Always be wary of emails that contain attachments and think twice before clicking on them. Legitimate companies, institutions, and brands rarely send emails with attachments, so attachments should always be a red flag. If the attachment seems authentic and the sender seems legitimate, it still might be a good idea to pick up the phone and confirm that the attachment is safe.
  8. Don’t reuse passwords.
    Nobody likes to have unique passwords for every online account they have, but using the same password for multiple accounts can be dangerous. If you get phished or an online account is hacked, having unique passwords can limit the damage.

The complexity of today’s phishing emails makes it progressively more difficult for email users to distinguish between fraudulent and genuine correspondence, highlighting the need for both preventative measures and end-user education. If malicious emails are prevented from reaching an organization’s servers in the first place, then the threat is neutralized. But those that get through can also be rendered ineffective by users who know what to look for and think before they click.

If your organization is serious about preventing phishing attacks and protecting your customers as well as your brand reputation, you should be taking a two-pronged approach that includes both prevention and education. Contact us today for help.

Background

Although email phishing scams have been around practically since the inception of the Internet, today’s scams are both more prevalent and more sophisticated. The rising prevalence of email phishing attacks is due in large part to the fact that they’re so successful. In fact, according to numbers published by the Canadian government, the success rates are alarming:

  • 156 million phishing emails are sent every day
  • 16 million make it through filters for a 10.2% delivery success rate
  • 8 million are opened (50% success rate)
  • 800,000 are clicked (10% success rate)

Not that long ago, phishing attempts were quite primitive and often riddled with typos and grammatical errors, so it was easier for consumers to identify when something was amiss. But those days are largely gone. Today’s phishing attempts are increasingly sophisticated, often almost exactly mimicking legitimate emails both in content and source.

Not only is spear phishing increasingly evolved, attacks are also proving to be incredibly costly. According to a report by the Ponemon Institute, the average 10,000-employee company spends $3.7 million a year dealing with phishing attacks.