Protect Your Business From Phishing
Over the past few years, many businesses have fallen victim to email phishing, which has resulted in huge losses of both money and time. Phishing is the term given to email messages that look real but are actually fake messages designed to get you to reveal passwords and other sensitive information. They typically link to websites that are almost indistinguishable from the real thing. Even the domain names can be so similar that an expert might have a hard time recognizing that they are imposter websites. As a result, many business people and professionals are wondering what measures they can put in place to protect their business from phishing.
Start with Staff Awareness
Staff may not know how common phishing is, and they may not understand how severe it can be. Because phishing techniques keep changing, you need to keep learning about them from your IT professionals so that your team is able to spot these emails from a distance.
Read carefully and confirm
Read through the email before attempting to click on an image or a link. Spelling errors are dead giveaways. Be especially wary if the link leads to a downloadable file. If there’s a .zip file, Word or Excel document, or PDF attachment and you weren’t actually expecting to receive it, contact the sender through a different method (e.g. phone call or text) to ask them if they sent that message.
Also, make sure to confirm any and all requests for invoice payments or financial transactions; this may be best done by calling your contact from your address book or contact list. It’s common for phishing attacks to be long, patient processes where email activity is monitored over time to see patterns of invoices and payments and similar actions. That’s why fake requests can seem just like legitimate ones and happen at the normally scheduled times.
Type instead of clicking
Ask yourself if that request to log in to review an invoice, or to update information, makes any sense. Even if it does, it’s usually better to never click on a button of this type in an email, because the URL it points to is likely hidden from view. When the URL is visible, it’s not always easy to tell if it’s legitimate because mailing list services modify the address for tracking purposes. So instead of clicking the button, type in the known domain name and log in that way, or use a bookmark if you have one set. It may be a hassle, but the inconvenience of a few keystrokes is a lot less than what the business can face if one phishing attack reveals a critical admin login that can impact the entire organization.
The biggest cyber security threat comes from employees answering a phishing email that looks legit and not realizing how it can impact the business. Your IT provider provides valuable protection in the form of firewalls and malware scanning, but it helps to train your staff to help protect the business, as they are your front line of protection.
Set up a Free Consultation with our IT Specialists to learn how to protect your business from phishing.