Like any responsible company, you’ll have taken time to consider how you protect your IT systems against common forms of cyber-attack. But what if a criminal could simply ring up, email, or text one of your staff and find out everything they wanted to know? Well, that’s not as far-fetched as it sounds.
Hook, line, and sinker – digitally, of course.
Phishing is a term for criminal attempts to gain access to confidential information by posing as a trustworthy person or organisation. The more well known, successful, and trusted an organisation, the more likely criminals are to impersonate it; that’s why some of the most common phishing attacks pose as banks, or Government departments. When practised against businesses, phishing emails are more likely to pose as suppliers, companies you trade with, or trusted advisers. Either way, the criminal’s aim is to trick you or your staff into revealing information to them in the belief that they are who they are pretending to be.
Vishing and smishing are the same concept, carried out by voice (phone calls: vishing) or SMS (text messaging: smishing). They follow the same principles and have the same aim: to con your staff into disclosing confidential data.
Protecting your business
Protecting against phishing attacks is an essential element of your organisation’s cyber security strategy, but it is important to be realistic. The criminals who carry out phishing attacks are incredibly skilled at what they do. Targeting the most vulnerable in your company, and pushing just the right buttons, is all part of the scammer’s art, and it is simply not possible to prevent all phishing attacks.
Instead, the approach recommended by the National Cyber Security Centre is to support and empower your team to understand the most common phishing (and vishing, and smishing) attacks, while providing a blame-free way for them to report problems, even if they have already clicked an email, or disclosed something they shouldn’t have. At the same time, it’s worth looking into high-quality business IT support to ensure that your systems are set up so that as few phishing attacks as possible reach your staff’s inboxes in the first place.