Key takeaways
- Emails are the most versatile of all online business tools we can access from our computers, through the web and on our mobile devices. But that also makes it one of the most at-risk tools and highly susceptible to attacks.
- One of the main forms of attacks is through “phishing” – an attack vector that is designed to lure victims in by deceiving them and currently one of the most common online scams in the Australian digital landscape.
- Scamwatch receives thousands of reports from individuals and businesses that have been scammed by “phishing”, even though only around 13% of victims actually report it.
By Jess Walker, Technical Director, Envisage Technology
As we work through the current challenges and setbacks that COVID-19 has presented, it is important that in this new world where many are pivoting to “work from home” arrangements that we are more vigilant about online security and privacy.
Too often I have found myself grappling with the thought many others have of “I just need it to work” or “I have critical deadline to reach”.
If I asked you the following hypothetical questions, would it change your thought process and ultimate decisions?
- If $100,000 was withdrawn from my bank account and couldn’t be reclaimed, how would this impact my ability to operate as a business?
- If my IT systems were down for two or three days, how would it impact on the ability of my businesses to operate?
If your answer to either question was that there wouldn’t be any impact on your business, please reach out to me so we can talk about employment opportunities, as I’m definitely in the wrong industry!
Any downtime or loss of income has some business impact, whether great or small, and the ability to manage that impact comes down to your ability to react and respond as a business owner.
I would like to take some time to discuss and reflect on threats I come across regularly in the digital world, especially those that aim to compromise systems and distract us from the daily operation of our businesses.
We are used to physically locking front doors and arming alarm systems to protect our physical property and I’d like to discuss at a high level ways in which we can protect ourselves in the virtual world.
Emails are a regular form of communication and also the most versatile of all online business tools. We can access it from our computers, through the web and on our mobile devices. As a result, it makes it one of the most at-risk tools and highly susceptible to attacks.
One of the main forms of attacks is through what is termed “phishing” attacks. As a play on the word “fishing”, it is an attack vector that is designed to lure it’s victims in by deceiving them and is one of the most common online scams currently circulating in the Australian digital landscape.
Scamwatch received over 3000 reports from individuals/businesses that they had been scammed by “phishing”, which translated to around $1.8 million in losses. Many could live in a very nice house for that amount.
A report prepared by the ACCC estimated that Australians alone lost over $634 million to scams in 2019. That was a 30% increase on 2018.
These are astonishing figures, especially given only around 13% of scam victims actually report it!
To read the full report click HERE.
So, with e-mail threats so prevalent, how do you protect yourself?
Much like the analogy of physical home security, there are a number of tools that not only provide your single deadlock on the door approach but factor in deterrents to keep the scammers at bay.
Anti-virus and anti-malware protection is your first line of defence but in regards to phishing, do not protect you from receiving the scam emails or stop you from entering sensitive details, including username or passwords, on the sites the phishing e-mails lead you to.
A combination of awareness training and email filtering systems are your best defence when it comes to email security.
Like any situation, training is only as good as what you put to practice and how frequently you re-apply it. Email filtering systems will stop you receiving many of the more common fake emails but can also filter out harmless emails, so it is important that someone within your business reviews the filtered e-mails on a daily basis to ensure legitimate emails are released or whitelisted. Ideally, it should be someone who has been trained to know what to look for when it comes to email threats.
If any of these training platforms or filtering systems are of interest, please feel free to reach out.