How to prevent a new phishing attack on your business
If your company has been phished, you need to take action. What steps should you take and how can you prevent this from happening again? Phishing expert Arnout Van de Meulebroucke provides three tips.
Prevention is better than cure: it's a nice saying, but sometimes the inevitable happens and you have no choice but to try and limit the damage, bear the consequences and finally prevent such incidents from ever happening again.
The average cost of a major hack today is around four million dollars, depending on which cyber threat intelligence source you consult. Moreover, 90% of all hacks are the result of human error, often a successful phishing attack. Figures that do not exactly make one optimistic.
If you have been the victim of a hack or cyberattack, then of course you want to prevent this from happening again. But first you need to clean up the mess.
Steps you need to take:
1. Before you start repairing the damage, you should first try to limit the consequences. And that can be a pretty big undertaking: anti-ransomware, anti-malware, antivirus and other software help prevent major problems, of course, but once a hacker manages to penetrate your defences, the consequences (and the costs) can be considerable. Technical means therefore only help to a certain extent.
So limit the damage: restore backups, clean up the network and look for any 'rubbish' left behind that hackers could use to attack again. After all, there's no point in spending money on remediation if you run the risk of encountering the same problem again next week.
We see that companies are usually very quick to react, fortunately, but the sad truth is that they usually react by running exercises they should have done much earlier. It is only after a major leak that they ask themselves how they can strengthen their weakest link, which is their people. If you haven't done so already, now is the time.
2. At the same time as limiting the damage, however, you must follow the rules. Since the introduction of the GDPR, and various regulations since, an organisation is obliged to inform the relevant authorities of the extent of the problem, what it will do about it and also what it already did to avoid such problems.
This last point affects the size of the sanction an organisation may face if that authority judges that mistakes have been made. If you have already invested in training your employees to deal with and prevent cyber risks, don't forget to mention it! In addition, you also need to inform customers and partners if their data has (possibly) been stolen.
3. After mitigating further consequences, it is time to look ahead: what steps can you take to prevent this from happening again in the future? The first step, of course, is to train your people. Assuming that the technical side is in place, it may be time to strengthen the human side by providing your employees with the necessary tools and guidance.
The time when technical means were sufficient to protect an organisation is long gone. Today, it is necessary to bring the knowledge and behaviour of employees up to the same level as the technological tools. Only then will a company be fully protected against the increasingly complex threats.
How Phished can contribute
In order to minimise threats as quickly and efficiently as possible, people need to be trained as regularly as possible. Research has already shown that cybersecurity training loses its impact after one month. After six months, everything is completely forgotten, which is why it is important to keep people on their toes. Phished does this through short, automated and personalised training.
Our phishing simulations teach recipients the correct reflexes, while the Phished Academy provides insight into the importance, recognition and handling of threats in just a few minutes, as well as offering hundreds of other tips on a wide range of cybersecurity issues. Finally, Phished ensures that people are committed to their organisation's cybersecurity strategy. Employees who are motivated and prepared make for a much better protected organisation.
Try it for free
Fortunately, you don't have to take our word for it: Phished is offering every organisation a free 14-day trial for up to 25 recipients. There is no obligation to buy, and you don't even have to share your payment details. A test is started in three easy steps: you create an account, you upload recipients (or we do that automatically for you!) and our platform does the rest.
Try it and you'll see how easy it is to comply with the basics of cybersecurity: training your people to become fully fledged cybersecurity experts.