Gaps within your email and web security could lead to ransomware risk

Businesses are responding to the latest vulnerabilities in their email and website security by investing in employee training.

Businesses continue to fall victim to phishing emails because employees make poor judgment calls and have not been trained to recognise malicious messages. Phishing emails and poor website security remain among the biggest sources of cyber attacks.

According to a recent survey conducted by Mimecast on ransomware preparedness, 54% of businesses received phishing emails with ransomware attachments and 45% said that the ransomware was able to penetrate their system because of an employee visiting a malicious website (1).

The cost of a ransomware attack

Ransomware is a widely known and costly problem. In the first half of 2021 the average ransomware payment was reported at £429,923 ($570,000), compared with an average of £235,388 ($312,000) the year before (1). That figure excludes additional costs such as downtime, removal of the ransomware, lost opportunities and staff time.

Businesses rely heavily on email as the channel of communication between clients and employees: it is where workflow is managed and clients are served. Downtime caused by a ransomware attack can cost you opportunities and strain trusted client relationships, especially if client data is compromised. Phishing attacks are also becoming more sophisticated and harder to identify; many attackers imitate people you know, such as a colleague or your boss.

The golden rule is to not open emails or attachments, or click on links, from a sender you do not recognise, were not expecting to hear from, or who looks suspicious. There is often a "tell" in a phishing email, such as:

- Poor grammar
- An unfamiliar tone
- Spelling errors

Email and website security

Website security was reported as the most important technology for preventing ransomware attacks. In this context it means VPNs, firewalls, access controls and antivirus software deployed on your devices. Together these controls reduce the chance that a malicious link or attachment reaches a device or runs on it; antivirus and web-filtering software in particular can recognise and block known malicious links and web pages.

It is also good practice to run an email filtering tool that blocks unwanted or potentially malicious code and links before they reach a user's device. These tools specifically flag content that looks like spam or phishing.

Employee Training

Cyber security threats such as phishing can cost a business over a million pounds a year, and that figure keeps growing as criminals and their attacks become more sophisticated. Basic cyber security training for your employees is crucial to preventing ransomware attacks that could put you out of business.

There are four main types of phishing (2):

- CEO Fraud: the criminal impersonates the company's CEO, crafting an email that appears to come from the CEO and sending it to a new or lower-level employee.

- Domain Spoofing: the criminal creates emails and websites that look like those of a legitimate company. The website normally uses a URL that is very close to that of the company being impersonated.

- Whaling: the reverse of CEO fraud. Rather than impersonating executives, the attacker targets them. Higher-ranked employees such as managers or executives receive highly personalised emails, which often feature false employee names and job titles.

- Spear Phishing: emails crafted for specific individuals, using enticing subject lines and content tailored to the target.

The key to preventing as many phishing attacks as possible is training your employees. They need to know what the threats are, how they arrive, what the risks are and how to respond.


To help prevent ransomware and phishing attacks on your business, it is crucial to provide sufficient training to your employees. They need to be able to identify phishing emails and understand how to deal with them. Learn more about how to prevent phishing attacks on your business by visiting our Email Security page.