There are many ‘technical’ ways that a company can protect itself and staff from online threats such as phishing scams, malware and viruses, but the human factor still remains the weakest link in your armour.
Phishing attacks are a particular problem as the methods that the perpetrators use become more and more sophisticated.
Recent statistics show that the number of successful phishing incidents almost doubled between 2019 and 2020, from 114,702 to 241,324.
The impact of COVID-19
Though not thought to be directly responsible for the increase, the current pandemic has given criminals yet another way to try and trick you into sharing personal information.
Cybercriminals took advantage of people’s need to get vaccinated as quickly as possible by circulating emails and texts appearing to be from the NHS but asking you to click on a link to confirm your details.
Phishing emails continue to affect businesses
Almost 96% of phishing attacks still arrive by email, asking the recipient to click on a link or confirm information. It’s at this point that the criminals can gain access to your system.
The way in which these emails are targeted is becoming not just more sophisticated but more relevant to companies and individuals. Subject lines in 2021 have become much more targeted, moving from things like ‘Urgent’ and ‘Attention’ to ‘IT: Annual Asset Inventory’, ‘Changes to your health benefits’ and ‘Zoom: Scheduled Meeting Error’.
Between January and March 2021, Kaspersky’s anti-virus software recorded a total of 79,608,185 phishing attempts, meaning that a user clicked on a phishing link. Of those 79 million, 5.91% were in the UK. That’s over 4,000,000 clicks in the UK alone!
Counting the Cost
To put some of these stats into real-world costs, the Federation of Small Businesses states that there are on average 10,000 attacks on UK small businesses every day and that these attacks cost UK businesses £4.5 billion a year. This equates to £1,300 per individual attack.
How do we stay safe?
Training is key. As mentioned above, the “human” factor remains the weakest link in your armour. No matter how much software or hardware you have installed to help prevent these attacks, if your staff aren’t educated in these dangers then your company and intellectual property are at risk.
And that’s where we come in…
Don’t worry, Wessex IT can help. We offer a two-part solution for businesses.
- Phishing simulation campaigns – We’ll send your team fake phishing emails to test their awareness in a safe environment.
- Training courses – Based on the results, we can identify the right training from our extensive choice of bite-sized, high quality training modules covering topics like phishing awareness, PCI payments and GDPR compliance.
It’s an ongoing process and we can continue to test your staff with regular phishing training exercises to help your team learn what to look for.
If your business has recently experienced an attack or attempted attack, or you simply are not sure if you have the right cyber security tools to help staff avoid being tricked by cyber criminals, contact the team at Wessex IT. We’re always here to talk you through some options.