The average business email compromise (BEC) attack can cost a company hundreds of thousands of dollars, if not more. And according to the FBI’s Internet Crime Report, the frequency of phishing attacks is surging, with a 69% increase year over year from 2019. While there is no magic bullet to curb the increase, the best phishing protection solution is the combination of airtight phishing defense software with the frequent training and education of your users.
You could have the best anti-phishing software in the world, but your network is only as protected as your least educated user. Even so, you still need great tools to minimize risk for your users.
Here are a few anti-phishing tools we recommend to help you prevent phishing attacks within your user communities.
Step 1: Train Users on How to Prevent Phishing Attacks
End user training is critical. The FBI lists common phishing attacks, the majority of which begin with spear phishing. Consider reviewing these with your end users.
Generally, to remain protected, your users will want to do the following:
- Get in the habit of looking at contact information to ensure accuracy. Often, phishers will alter a letter in an email address (like subbing an “n” for an “r”) or show the correct sender name (e.g., “John Smith”) while the email address is fraudulent.
- Be wary of links and clickable images. Remember that seemingly valid hypertext or shortened links can be fraudulent, as they could mask the illegitimate link.
- Be critical of abnormal C-level and colleague requests. Malicious actors will impersonate a senior executive like the CEO, asking employees to do things like purchasing gift cards or clicking links.
- Monitor caller ID and return voice calls using trusted contact info. Did the caller leave a voicemail? Call or instant message your potentially impersonated colleague directly to confirm validity.
- Use multi-factor authentication where applicable. If your help desk receives a call from a user requesting their login credentials, you might consider using MFA. Or you could let the user know that, for security purposes, you’ll be hanging up and calling them back at the number you have on file for them.
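The sender checks from the first bullet above, as an added example (not CloudFilter's code and not part of the original article): it flags a From: header whose display name belongs to a known colleague but whose address differs, and a sender domain within two character edits of a trusted domain. The directory, the trusted domain and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory (assumption): staff display names -> real addresses.
KNOWN_SENDERS = {"john smith": "john.smith@example-corp.com"}
# Constructed allow-list (assumption): domains the organization really uses.
TRUSTED_DOMAINS = {"example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_from_header(from_header):
    """Return findings for one From: header value (empty list = nothing odd)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Correct sender name, wrong address: the display name matches a known
    # colleague but the address is not the one on file for them.
    expected = KNOWN_SENDERS.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        findings.append("display-name-mismatch")
    # One or two altered letters: the domain is close to, but not equal to,
    # a trusted domain (e.g. an "n" substituted for an "r").
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                findings.append("lookalike-domain:" + trusted)
    return findings

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("John Smith <john.smith@example-corp.com>",
                   "John Smith <john.smith@example-conp.com>",
                   '"John Smith" <ceo-office@mail.example.net>'):
        print(header, "->", check_from_header(header) or "ok")
```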
Companies like KnowBe4 provide end user training modules that keep your users up-to-speed and mindful of the latest phishing tactics.
Step 2: Invest in Anti-Phishing Tools
As an MSP or MSSP, you are balancing and supporting a cross section of IT solutions, each with its own dashboards, nuances, and help desk tickets. As a creator of one of the best phishing protection solutions on the market, here’s what we took into consideration when developing CloudFilter.
- It must protect against phishing, spam, and viruses. You have a full technology stack to manage. Why not consolidate phishing, spam, and virus tools by investing in one tool that does it all?
- It must allow administrators to manage multiple mailboxes at once. Multi-tenant management is critical so you can set rules for the entire organization.
- It must be secure, yet simple. There are a lot of feature-bloated, complex tools out there. Choose something clean and easy to manage. For an example, see CloudFilter’s dashboard below. We received feedback from our MSP partners on how they wanted the portal to be designed, so we designed it with the MSP administrator in mind.
Optional: Consider Mandating Email Filtering for Your Customers
You are leaving yourself vulnerable if you aren’t making email filtering mandatory. Several partners have told us lately that they’re making email filtering mandatory for anyone they support. Operating without a proper phishing defense tool is like driving without insurance. Sure, it can be done, but what happens when an accident occurs?
Step 3: Invest in an MSP-Backed, US-Based Email Security Partner
Don’t let a successful cyberattack happen on your watch. Instead, take the necessary steps to secure your end users with an anti-phishing product designed specifically for MSPs and MSSPs by a US-based company that specializes in email security.