Experts say employee education key to avoiding phishing attacks
RUTLAND, Vt. (WCAX) - What can you do to protect your business from a cyberattack? It was revealed this week that the $50 million University of Vermont Health Network ransomware attack last fall happened after an employee opened a link in a personal email. Olivia Lyons spoke with experts about steps to mitigate malware.
Businesses can download software to check links, but Duane Dunston, an information security professor at Champlain College, says education among employees is also very important. “It only takes one computer to compromise your entire organization,” he said.
Dunston says when a company is compromised, like in the UVM Health Network case, the attackers can piggyback off existing email threads, making it even more likely for someone to click on a link. “Really looking at the email and looking at the links and the person who sent it to you. One, do they normally send you links? Is this somebody I regularly communicate with?” he said.
But if hackers learn how an organization formats its emails, a phishing message can be difficult to spot, so it is important for businesses to educate their employees about once a month. Dunston says one way is to send your own employees phishing emails and then educate those who click on them. “They do make people more aware of the threats and how easy it could be to get someone to click on a link,” he said.
Dunston encourages employees to only use their business email at work, not their personal email accounts, and he says it is also important to pay attention to who you are replying to. “You see the ‘from’ address when you click reply, make sure it’s the same address,” he said.
And organizations can take action to check emails sent to employees before they arrive in their inboxes by filtering all emails with links and attachments. They can also purchase software to decode encrypted URLs and check IP addresses before deciding whether to let that email reach its intended target.
“As we saw at UVM systems and others in the media, if you don’t have a good process to restore pretty quickly from a ransomware attack, some businesses end up going out of business or have to pay the ransom to get their documents back,” Dunston said.
He says for enterprise businesses, the software programs can be pricey, but some email accounts already have the option to filter emails.
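The checks described above (comparing the reply address with the sender, looking at where a link really goes, and holding mail that carries links or attachments) can be sketched in Python. This is an added example, not part of the WCAX report; the sample message, its placeholder domains and the `review` function are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from the article); all domains are placeholders.
SAMPLE = """\
From: "Pat in Billing" <pat@hospital.example>
Reply-To: pat@hospital-billing.example
To: staff@hospital.example
Subject: Re: Invoice thread
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Updated invoice: <a href="http://files.invalid/inv">https://hospital.example/invoices</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Lower-cased hostname of a URL, or '' if the text is not a full URL."""
    return (urlparse(url.strip()).hostname or "").lower()

def review(raw):
    """Return a list of reasons to hold the message before delivery."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    # A reply that would go somewhere other than the visible sender.
    if reply_to and reply_to != sender:
        findings.append(f"reply-to {reply_to} differs from sender {sender}")
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            # Link text that displays one site while the href points to another.
            for href, text in LINK_RE.findall(part.get_content()):
                shown = host(re.sub(r"<[^>]+>", "", text))
                if shown and shown != host(href):
                    findings.append(f"link shows {shown} but goes to {host(href)}")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A message with no findings is not proof that it is safe; an attacker replying from a compromised mailbox inside an existing thread would pass the reply-address check.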
Copyright 2021 WCAX. All rights reserved.