Best Practices for Protecting Your Small or Medium Size Business from Phishing | Page 3

A problem that can’t be solved (completely)

If you’re responsible for IT at a small or medium size business, you understand the threat from phishing and other email-based attacks. More than 90% of all cyber-attacks begin with a phishing email. That explains why fewer than half of IT executives surveyed believe their ability to block phishing attempts from reaching their users is effective, according to research conducted by Osterman.

When you realize that the threat from phishing is partly technology and partly human nature, you also understand that it’s not something you fix once and forget. You’re never 100% protected, because attackers never stop evolving, developing new techniques and varying their approaches. A sophisticated cyber-attack always has the potential to penetrate even the best cyber defenses. When it comes to protecting your company from phishing, malware and spoofing, it’s less about trying to solve the problem completely and more about mitigating and managing your risk continuously.

It’s about mitigation

Mitigating the phishing problem requires taking a holistic approach. For a small business, that means combining phishing awareness training with technology for protection, because training alone has proven to be ineffective as a long-term strategy. On the technology side, it means combining on-premises with cloud-based solutions. But mostly it means taking a layered approach to email defense, because no single piece of hardware, software or training effort will protect your users.

A layered approach, which is almost always employed in large organizations, has been unaffordable for smaller businesses until recently. And while it may seem counterintuitive, the layered approach is essential for those using hosted email services like Office 365. That’s because native security solutions in hosted services are often inadequate. Hosted services present a large attack surface that’s hard to defend, and security is just not their core expertise.