Nutbourne IT security London explains how to avoid potential phishing attacks on your systems and networks. 55% of email received in the UK is Spam. Over half of all Cyber Attacks start from a phishing email. Therefore it is important to take preventative measures to protect your company. The good news is that it is relatively simple and cost-effective to do so. Not to mention some of the key elements can be free. Nutbourne’s Patrick Burgess explains how you can keep yourself safe…

Is protecting yourself from phishing just a simple case of being better at prevention? And how simple is that prevention?

Preventing a phishing attack can be very simple indeed. Your first line of defence should be education. Teach your staff what a phishing email looks like. Teach them not to give out their email addresses and passwords, when they get unexpected emails. Explain to them why it’s necessary for multi-factor authentication (MFA) to be switched on. After this then ensure it is enabled for everyone and everything.

It is also important to ensure you have decent spam filters switched on. As well as a robust web content control and good endpoint protection software in place. However these will always miss to odd email and education of your staff is the cheapest and most effective protection you can have. 

Are these the sort of things that companies can do by themselves? Or do they need someone like an MSP to come on board?

There’s a lot you can do right now. Start with training your staff. If you have cyber insurance, then your insurance provider will likely provide the training free of charge. They will also be able to offer some simple and straightforward advice to protect you from phishing. 

If you don’t have cyber insurance – and you really ought to consider it – then we recommend working with a partner to advise you on the right kind of training. Or working with partners that can deliver training themselves.  There are millions of courses online and sorting the good from the bad is hard. Working with a partner to find an IT security London will save you time and money in the long-term. 

Where MFA is concerned, is it the case that organisations don’t know that it’s free and readily available? Or is it seen as an inconvenience?

It’s both. It’s common for us to recommend MFA and for there to be resistance because it is seen as difficult to roll it out and for the staff to use each day. That resistance comes from the directors and senior managers a lot of the time. It’s a careless attitude because it opens the company up to significant but preventable attacks. It’s even more careless for the people in control to resist because they’re usually the demographic of people targeted. Spear phishing – where a phishing email is sent ostensibly from a known person – most commonly preys upon CFOs and CEOs.  We’ve seen countless cases where accounts have sent large payments to cyber criminals imitating the heads of companies.

It often takes an attack before companies take this seriously, doesn’t it? 

It does, but prevention is always better than cure. Nutbourne has a client that was the victim of a phishing attack very recently. We had been reminding them for months to turn on their MFA, but they hadn’t. This led to them having almost 20 accounts compromised, lost data and a significant amount of money lost too.

We understand that most IT security London costs money, which is why businesses don’t keep up to date with trends or innovations. But MFA and training are usually free, and they are 100% worth it. You could put an end to the majority of consequences from phishing emails tomorrow by turning MFA on across the board.

How is Phishing evolving?

Like all forms of tech, phishing is constantly evolving. A case in point this year was the volume of COVID-19 related phishing attacks. These exploited fear, uncertainty and regional hotspots where the virus spreading. The majority of attacks or attempts in the UK came in the form of spam emails claiming to be from the government, offering financial support to SMEs or households.

And while the vast majority of threats were detected and stopped, attackers have developed new and sophisticated ways of avoiding detection. According to Microsoft’s Digital Defence report for 2020, ‘Criminal groups are skilled and relentless. They have become adept at evolving their techniques to increase success rates. Whether by experimenting with different phishing lures, adjusting the types of attacks they execute or finding new ways to hide their work.’

The report notes that in 2020 cyber criminals have shifted to phishing (70%), as a more direct result means of harvesting credentials. To avoid detection, they’re using a technique known as morphing. This changes the platform, URL domain, email and content template for delivery. 

This means that staff are more and more likely to fall for the emails because they prey on the heart strings and worries. It is important for businesses to protect their staff from themselves with the right tools such as MFA even if the staff do not like the idea or think it’s too much work. Regular education which is update with the current trends will help staff understand why these tools are so important.

What roles can IT security London companies play? Are they necessary?

Companies like Nutbourne can provide a framework for your IT support in London, your overall IT strategy and the roadmap to deliver incremental improvements. It removes the confusion and indecision about what to do next. Improving IT is usually a case of a lot of small things, which can add up and seem like a million things to do all at once.

But paying for expertise will guide you along the way, point you in the right direction and keep you moving – and most importantly keep you protected. It is easy to freeze in the headlights, get used to the status quo and assume it will be okay. The problem with phishing, is that it won’t be okay and the odds are against you if you do nothing. 

If you would like to find out further information about Nutbourne’s IT security London and what we can offer you, contact us today on 0203 137 7273. Head over to our LinkedIn and follow our page to stay in the know about the latest tips and tricks to keeping your networks and systems secure.