6 Tips To Keep Yourself & Co-Workers Safe From Phishing Attacks
April 27, 2018
Featured article by Steve Orowitz, Consultant and Tech Writer
There is a growing concern among businesses about phishing attacks. What’s phishing, you might ask? Phishing is a form of spam where hackers try to steal your personal information by tricking you.
An example of phishing might be when you receive an email claiming it’s from Amazon and asking you to log into your account. If you’re not careful and don’t look for any warning signs in the email, you could voluntarily give your private banking information away by accident. Yikes.
These phishing emails are getting so good that 97% of people cannot recognize a phishing link. Because a lot of business is done online these days, you can imagine how stressful phishing attacks can be for large companies. When phishing happens to an individual, it’s a pain, but when it happens to a company, it can cause problems for millions of people.
Without a cybersecurity plan, your business could be at stake. While you may know what phishing is, there’s a good chance a lot of your employees do not. Anyone with access to company computers should be aware of cybersecurity best practices, and in this article, we’ll go over the most effective tips.
Tip #1: Show how cybersecurity can hit close to home
When establishing a cybersecurity plan at work, you could go on and on about how a data breach would be horrible for business—but be honest with yourself, do you really think employees care about the bigger picture? The truth is, you need to explain and demonstrate a breach of privacy to show employees just how devastating it can be.
Luckily, big data breaches like Equifax have been front-page news, so most people realize it is a problem. By explaining how employees can avoid phishing at home, with their own bank accounts and families, the point might hit a little harder. Give employees actionable tips to use in their own homes, plus the cybersecurity tips that matter most at work.
Tip #2: Learn to sniff out phishing scams
To prevent cyber criminals from doing damage to your company, instruct colleagues and employees to be vigilant when trying to decode an iffy email.
Here are the things to look out for that can be a sign of a phishing email:
- It comes from someone they don’t know
- It comes from someone they have not received mail from before
- It is not something they were expecting to receive
- It looks odd and has unusual spellings or characters
- It does not pass your antivirus program test
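For teams that triage reported mail, three of the signs above (a sender never seen before, unusual characters, unusual spellings) can be checked mechanically from the From header. The sketch below is an added example, not part of the original article; the known-sender list, the 0.8 similarity threshold and the sample messages are constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: addresses this mailbox has received mail from before.
KNOWN_SENDERS = {"alice@example.com", "billing@example.org"}

def odd_characters(text):
    """True for a punycode label or any non-ASCII letter (possible homoglyph)."""
    if "xn--" in text.lower():
        return True
    return any(ord(c) > 127 and unicodedata.category(c).startswith("L") for c in text)

def lookalike(domain, known_domains, threshold=0.8):
    """True if domain is close to, but not the same as, a known domain."""
    return any(
        domain != known and SequenceMatcher(None, domain, known).ratio() >= threshold
        for known in known_domains
    )

def warning_signs(raw_message, known_senders=KNOWN_SENDERS):
    """Return the checklist items that a raw e-mail message trips."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    known_domains = {a.rpartition("@")[2] for a in known_senders}
    signs = []
    if address not in known_senders:
        signs.append("first-time sender")
    if odd_characters(domain) or odd_characters(display_name):
        signs.append("unusual characters in sender")
    if domain not in known_domains and lookalike(domain, known_domains):
        signs.append("look-alike of a known domain")
    return signs

# Constructed messages, not real mail.
SAMPLES = {
    "known": "From: Alice <alice@example.com>\nSubject: Minutes\n\nAttached.",
    "typo": "From: Alice <alice@examp1e.com>\nSubject: Invoice\n\nPlease log in.",
    "puny": "From: Billing <billing@xn--exmple-cua.test>\nSubject: Account\n\nVerify.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, warning_signs(raw))
```

A flag here is a reason to look closer, not a verdict: a first-time sender is often legitimate, and a clean result says nothing about the message body or its links.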
If the occasion arises where you or an employee accidentally does click a phishing link, honesty is key. Let everyone know about the suspicious email, because chances are you aren’t the only one who received it. Plus, if company info is at stake, it needs to be handled before the risks escalate. If a phishing link is clicked, here’s what to do immediately to lessen the damage and hopefully discourage any foul play.
Tip #3: Keep computers and phones updated
Because smartphones are basically mini computers in your pocket… Guess what phishing scammers are going after now? You guessed it: phones. Keep your devices updated—especially those with security software on them.
There are consistently new forms of malware popping up that are trying to get past your antivirus software and firewalls, so keeping devices updated is one way to stay ahead of the scammers. You should also double-check that your wireless connection is secure—that’s a big one!
Tip #4: Create strong passwords
If you’re training colleagues and employees to be safer with fishy emails and links, one actionable tip is to ensure everyone creates strong passwords for their accounts. Not only their email accounts, but any other online account connected to your company could be in jeopardy. Think content management systems, project management systems, and communication applications.
A strong password is one that contains at least one uppercase letter, at least one number, and at least one special character. Mix in some of these characters to make your password a lot tougher to guess, and don’t choose a word that could be easy for a hacker to try. That means you should steer clear of using your name, your birthdate, or any other telling details that a cybercriminal could find out with a little research. You should also refrain from using the same password for multiple sites. A strong password could be the last line of defense you have.
Tip #5: Add two-step authorization to email accounts
Because email is primarily where phishing attacks happen and also where a lot of company information is shared, you should focus heavily on locking down all employee email accounts with two-step authorization. Two-step authorization is exactly what it sounds like: It is a process requiring two steps (instead of one) for you to log into your account. So, if a criminal stole your password, they would try to enter it, but then they’d be taken to one more screen stating it will send a code to your phone via text or call. You’d then have to enter that code on the screen for access. Obviously, the criminal won’t have your phone, and they therefore cannot hack into your account.
Tip #6: Make cybersecurity training mandatory
Yes, even for the C-suite. The weakest link in your business is the human, and if every single human in your business is not up-to-date on the latest cyber threats, you’re risking the livelihood of your entire company. To ensure nothing falls through the cracks, arrange that every new and existing employee receives proper training in cybersecurity, alongside some well-placed policies that enhance security. It’s recommended to continuously re-evaluate your cybersecurity program and implement annual or occasional refresher sessions that go over new threats.
Protecting your company from cyber attacks and phishing attacks is not always simple, which is why you should take the matter very seriously. Implementing mandatory cybersecurity training and using personal messaging to help employees understand and care about phishing attacks are two important tips for keeping your data safe.
Of course, sometimes mistakes happen. We are only human, after all! Though you can’t always be perfect, taking the right steps to prevent phishing attacks will definitely help keep important company information private. Just remember to always be wary when using the web, and relay this information to your colleagues to form a tight circle of trust.