Well, OK, not all email, but the ones that hackers are sending your employees daily; the phishing scams that look and read just like something you, your management team, your vendors or, in the cruelest of ironies, even your IT department would send them. And once your employee clicks on said message, the gate to your network swings wide open.
According to the FBI, phishing was again the headliner of cybercrime in 2020, with phishing incidents nearly doubling in frequency from 114,702 incidents in 2019 to 241,324 incidents in 2020. And it’s not just computers; TechRadar reported last year that phishing attacks on mobile phones were up 37 percent worldwide and 66 percent in North America alone.
Hackers go after businesses large and small and they are alarmingly efficient in their criminal craftwork. Once a breach occurs, a criminal unleashes malware, one of a collection of software options that gives a crook the ability to create all sorts of problems. Malware incidents increased by 358 percent overall last year and ransomware in particular – which holds your system hostage until you pay up – increased by 435 percent in 2020 as compared with 2019, Deep Instinct reports.
One reason for the spike in hacking is the pandemic, which created the work-from-home phenomenon where cyber security measures and employee vigilance are often at their weakest. All it takes is one lapse in attentiveness from one caffeine-deprived employee opening one innocent-looking email for a breach to occur. And considering remote officing is likely here to stay – Global Workplace Analytics forecasts 25 to 30 percent of the workforce will be working from home on a multiple-days-per-week basis through the end of the year – this is a threat that isn’t going away anytime soon.
What does all of this criminal activity cost? The Center for Strategic and International Studies and computer security company McAfee projected in 2020 that global losses from cybercrime hit $945 billion. The number could actually be higher, according to the director of the research, because companies often underestimate the opportunity cost lost to cybercrime.
The FBI offers the following recommendations to help prevent your company from becoming a victim:
- Enable multi-factor authentication for all email accounts. Unlike password-only access, multi-factor authentication adds a second layer of authentication such as a personal question or biometric scan (fingerprint, facial, etc.) to gain access.
- Verify all payment changes and transactions in person or via a known telephone number.
- Educate employees about business email compromise scams, including preventative strategies such as how to identify phishing emails.
- Prohibit automatic forwarding of email to external addresses.
- Ensure changes to mailbox login and settings are logged and retained for at least 90 days.
- Enable security features that block malicious email, including anti-phishing and anti-spoofing.
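
Three of these recommendations (multi-factor authentication, no external auto-forwarding, 90-day retention of settings logs) can be checked mechanically against an export of mailbox settings. The sketch below is an added example, not part of the FBI guidance; the record fields (`address`, `mfa_enabled`, `forward_to`, `audit_log_retention_days`) and the sample accounts are hypothetical and constructed here.

```python
# Added example: field names and sample records are hypothetical, constructed here.
MIN_RETENTION_DAYS = 90  # the retention period from the FBI list above


def is_external(address, org_domains):
    """True when the address's domain is not an organization domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    # Match on a full label boundary so "example.com.lookalike.test" does not pass.
    return not any(domain == d or domain.endswith("." + d) for d in org_domains)


def audit_mailboxes(mailboxes, org_domains):
    """Return sorted (mailbox, finding) pairs for settings that miss the recommendations."""
    org_domains = {d.lower() for d in org_domains}
    findings = []
    for box in mailboxes:
        who = box["address"]
        if not box.get("mfa_enabled", False):
            findings.append((who, "multi-factor authentication not enabled"))
        for target in box.get("forward_to", []):
            if is_external(target, org_domains):
                findings.append((who, f"auto-forwards to external address {target}"))
        # A missing retention value is treated as 0 days, so it is reported.
        if box.get("audit_log_retention_days", 0) < MIN_RETENTION_DAYS:
            findings.append((who, "settings audit log retained under 90 days"))
    return sorted(findings)


# Constructed sample export (not real accounts).
SAMPLE = [
    {"address": "ap@example.com", "mfa_enabled": True,
     "forward_to": ["archive@mail.example.com"], "audit_log_retention_days": 180},
    {"address": "ceo@example.com", "mfa_enabled": False,
     "forward_to": ["ceo.backup@EXAMPLE.NET"], "audit_log_retention_days": 30},
    {"address": "it@example.com", "mfa_enabled": True,
     "forward_to": ["helpdesk@example.com.lookalike.test"]},
]

if __name__ == "__main__":
    for who, finding in audit_mailboxes(SAMPLE, {"example.com"}):
        print(f"{who}: {finding}")
```

A forwarding rule to an outside address that the mailbox owner did not set up is worth investigating as a possible sign of account compromise, not just a policy gap.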