FAQs

Frequently Asked Questions

Why are phishing attacks so hard to defend?

Employees are human and all the training in the world won’t keep some of them from clicking on a malicious link in a phishing email. And because attackers never stop evolving and developing new techniques and varying their approaches. It’s why more than 90% of all cyber-attacks still begin with a phishing email. Which explains why less than half of IT executives surveyed believe their ability to block phishing attempts from their users is effective.

What's the best bang for the buck if I'm on a limited budget?

Training employees to raise awareness of phishing attacks is a major component in an overall security strategy, but it’s not the most important one. If you’re budget limited and can only afford to do one thing, then prevention technology should come first. Why? Because even the best security training isn’t 100% effective. And because it only takes one employee to click on one malicious link and the whole network could be compromised.

Why do I need phishing protection if I'm on a hosted plan like Office 365?

The best way to stop phishing is to keep malicious emails from reaching your inbox and that includes your inbox on a hosted solution. Cloud-based email protection provides a buffer before emails reach your hosted email service. Additionally, hosted solutions are generally less capable of defending against exploits called zero-day vulnerabilities. Dedicated solution providers are more effective at protecting against zero-day exploits because they continually feed the data they uncover back to the list and data providers in real time. This positive feedback loop makes dedicated providers quicker at detecting new threats and outbreaks.

What are the two most important defense tactics to prevent phishing?

The starting point for any good anti-phishing technology is link click protection. Tactic number one is to check links prior to arrival. This way emails with known suspicious links can be quarantined and will never make it to the inbox. To be really effective though requires tactic number two: check the links AFTER they arrive. When they’re clicked. Every time they’re clicked.

The most sophisticated attacks today involve a scheme in which the attackers send an email from a URL with a good reputation, but within a few hours they switch out the safe content on the site for their harmful payload. The two most important defense tactics are pre-screening links in emails and continuous, real-time link checking.

Is link checking all there is to phishing protection?

The starting point for any good anti-phishing technology is link click protection. Tactic number one is to check links prior to arrival. This way emails with known suspicious links can be quarantined and will never make it to the inbox. To be really effective though requires tactic number two: check the links AFTER they arrive. When they’re clicked. Every time they’re clicked.

The most sophisticated attacks today involve a scheme in which the attackers send an email from a URL with a good reputation, but within a few hours they switch out the safe content on the site for their harmful payload. The two most important defense tactics are pre-screening links in emails and continuous, real-time link checking.

Is it true that phishing is really a two way problem?

Unfortunately yes. Most people think phishing is a one-way problem. Stop threatening emails from reaching your employees and you’ve solved your phishing problem. There is another vulnerability to phishing however and it’s one that can cost you your business reputation.

If you’re not using authenticated emails, your domain could be used against you. It’s called spoofing and attackers could use your domain to phish your customers. And whether intentional or not, the blame would land on you. When it comes to phishing protection, you need to protect your employees and your customers. You need a strong DKIM, DMARC and SPF policy to protect your domain from impersonation and imposter attacks.

What should a small business look for in a phishing protection solution?

Phishing protection should take a holistic approach. Of course it should include all the advanced scanning technologies with real time data feeds. Additionally, the solution should include the following:

  • Cloud-based protection with quarantine ability
  • Protection for all devices
  • Protection against spoofing
  • Protection with user-controlled settings
  • Customizable whitelists and blacklists
  • Control from a unified web-based console
  • Real time view into the email queue and activity log
  • Fast: it shouldn’t take more than 10 minutes to be up and running
  • Easy: it shouldn’t require any software plug-ins or complex integrations
  • Affordable: it shouldn’t require lengthy contracts or per-user fees
  • 24/7 technical support
Is there a way to get advanced phishing protection that's fast, easy and affordable?

Happily yes. Phish Protection provides enterprise-class email protection at small business prices. A complete suite of email security solutions used by over 1,000 small and mid-size businesses worldwide. There are no sales calls, no contracts, and you’re up and running in 10 minutes. Click here to get started today.