Best Practices for Protecting Your Small or Medium Size Business from Phishing

Hosted solutions are generally less capable of defending against exploits called zero-day vulnerabilities. One of the latest and most damaging malware variants is an Office 365-based zero-day exploit called baseStriker. Cybercriminals took advantage of a flaw in the way Office 365 servers qualify incoming emails to send malicious code through a rarely-used HTML tag that Office 365 doesn’t support or recognize.

Whether you use an on-premise or a hosted email solution, one of the simplest and most effective mitigation techniques to fight phishing is not to allow such email onto your network in the first place.

76% of businesses reported being a victim of a phishing attack in the last year - Wombat

Training alone won’t do it

Training is essential but…

Training employees to raise awareness of phishing attacks is a major component in an overall security strategy, but it’s not the most important one. If you’re budget limited and can only afford to do one thing, then prevention technology should come first.

Why? Because even the best security training isn’t 100% effective. And because it only takes one employee to click on one malicious link and the whole network could be compromised.

Despite years of corporate education, phishing still remains the single most successful means of illicitly gaining access to business assets. People may be aware of the fact that an email could be suspicious, but that doesn’t keep some of them from clicking it. Curiously, some of the worst offenders are in the IT department, which is staffed by those who should know better.

Your employees know not to click on executable files, but you still install antivirus software. It’s the same reason you prioritize phishing prevention technology over training.