Are you a business owner or IT manager?
If you are, then as you’re reading this blog post right now, your users are being targeted by phishing campaigns. Let me use 3 statistics to illustrate what I’m getting at:
1. “By the end of 2017, the average user was receiving 16 malicious emails per month.” – Symantec, 2018
16 emails a month.
Say your organisation has 50 staff – that’s 800 opportunities every single month for hackers to manipulate, exploit or seduce your staff into unwittingly giving access to your systems and data.
Now say your organisation has 500 staff, I’ll let you do the maths…
2. “76% of organizations say they experienced phishing attacks in 2017.” – Wombat, 2018
Are you part of the lucky 24% of companies that haven’t been attacked? I know where I’d put my money…
Every business needs to be thinking about protecting their data.
3. “92.4% of malware is delivered via email.” – Verizon, 2018
Looking at this last stat, can you really afford to pass up on the opportunity to protect against over 90% of the risk of your users getting malware?
Why do hackers want my data?
Hackers, scammers and modern-day digital data pirates are using all kinds of digital weaponry to try and get at your organisation’s data.
Why? For several reasons:
- Perhaps they want to encrypt your files and demand a ransom to unlock them.
- Possibly they are looking to steal your customers’ database and sell it on the dark web.
- Or maybe their goal is simply to cause maximum disruption to your operations. Just because they can.
Either way, it only takes one wrong click to compromise an account and start a destructive chain of events – that will at least disrupt your operations or at worst could even cause your organisation to go out of business.
Okay, I’ve read the stats and I get it – hackers are trying to steal my organisation’s data… But what can I do about it?
Now that you’re scared out of your wits that any minute now some mysterious and sinister-looking, shadowy figure is going to jump through the screen and demand a large sum of Bitcoin in return for the decryption of your files… let’s have a look at what you can do to protect yourself and your organisation against some of these threats.
This time last year, Google introduced 9 new email security settings specifically designed to fight back against the ever-rising threat of phishing attacks. These settings provide warnings when Gmail detects a potential suspicious email to end-users that look like this:
We can split these 9 settings into 3 sections:
- Protect against encrypted attachments from untrusted senders
- Protect against attachments with scripts from untrusted senders
Links and External Images
- Identify links behind shortened URLs
- Show warning prompt for any click on links to untrusted domains
Spoofing and Authentication
- Protect against domain spoofing based on similar names
- Protect against spoofing of employee names
- Protect against inbound emails spoofing your domain
- Protect against any unauthenticated emails
All of these settings are absolutely first-rate features that will ultimately save the organisations using G Suite heaps of time and money, where others will struggle.
It’s all well and good training staff to be vigilant against unusual emails – this is definitely an effective measure and is a service that we offer.
But when your users are getting almost an email per working day (remember the stat from earlier – 16 emails a month?) from increasingly clever hackers, it’s often only a matter of time before there’s a slip-up.
As humans, we aren’t perfect.
This is where Google is really taking the initiative and harnessing very clever technology to combat these attacks at a user level.
So how can I take advantage of these settings?
To answer this question, let’s split businesses into two categories:
- My business uses G Suite – you can find these settings in the admin console of your G Suite setup. We’d love to help show you how to switch these on, so if you need any technical help, just give us a call on: 0141 432 0870 or contact us via email@example.com.
- My business does not use G Suite – we’d love to understand your business and explore how these settings, as well as other aspects of G Suite, would benefit your organisation. The first step is to give us a call on: 0141 432 0870 or contact us via firstname.lastname@example.org.