Focus on Security: Phishing for Malware
85 percent of organizations have suffered phishing attacks!
That is straight from the Wombat 2016 State of the Phish report. Is that depressing or what! The sad thing is, phishing can be thwarted most of the time. But, it requires diligent training of your ENTIRE staff. Including the board members, owners, executives and doctors. Everyone needs to be trained to identify phishing attacks and resist opening the link and/or attachment.
A few stats from the report.
- 85% of organizations have suffered phishing attacks.
- 37% of executives have been victims of phishing.
- 30% of phishing emails get opened.
- #1 delivery of malware is via email attachments.
- #2 delivery of malware is web based.
- #3 delivery of malware is hyperlinks in email.
- 250% increase in phishing attacks in first quarter of 2016.
- You are under attack by the cyber criminals.
- 93% of phishing emails carried ransomware.
- Average cost of a phishing attack is $1.6 million. Obviously, this is because huge corporations have experienced successful phishing attacks. But, never the less a phishing attack will cost your dearly.
Jonathan Crowe at Barkly has a great blog with charts for more details. He also has a Phishing Field Guide: How to Keep Your Users Off the Hook
Here are a few tips to help you avoid catching the wrong phish (malware, comptur bug).
- Train your staff on cyber security. Our HIPAA course covers phishing and other cyber security training.
- Train your staff using a false phishing campaign.
- Configure your email to filter out phishing emails.
- Double check the email address is from someone you know. Otherwise, you should probably NOT open it.
- Double check the url, does it go to the right web site? Do you recognize the url, does it make sense?
- Not sure about an email? Call and talk to the sender first.
- Turn off macros if asked when opening any file.
- Setup an email gateway to block all attachments and require users to download expected attachments from the server.
Here are some free phishing simulators you might try http://resources.infosecinstitute.com/top-9-free-phishing-simulators/. The DOD also offers a free phishing test tool at http://iatraining.disa.mil/eta/phishing_v2/launchpage.htm.
Hope these tips help you protect your patients, protect your practice, and protect yourself.