How to protect your business from spear-phishing
1. Make use of artificial intelligence (AI)
Small businesses can better protect themselves from spear-phishing by utilising artificial intelligence, according to Barracuda.
“Deploy purpose-built technology that doesn’t solely rely on looking for malicious links or attachments.
“Using machine learning to analyse normal communication patterns within your organisation allows the solution to spot anomalies that may indicate an attack.”
2. Deploy account-takeover protection
Many spear-phishing attacks originate from compromised accounts so it’s vital for employers to ensure staff accounts are set up to alert them if their account is being targeted.
Utilise technology that incorporates AI in order to detect real-time threats and remove malicious emails sent from compromised accounts.
3. Monitor inbox rules and suspicious logins
Be aware of logins from unusual locations and IP addresses – this is often the first indication of a compromised account.
“Be sure to also monitor email accounts for malicious inbox rules, as they are often used as part of account takeover. Criminals log into the account, create forwarding rules, and hide or delete any email they send from the account, to try to hide their tracks,” Barracuda flagged.
4. Use multi-factor authentication (MFA)
Ensure you and your employees are all using two-step verification to enable access to accounts. Some examples beyond a username and password include an authentication code, thumb print, or retinal scan.