6 Tips to Protect Yourself Against Phishing Attacks
Securing your data, including all of your customer information, is one of your most critical responsibilities as a business owner. When it comes to ensuring that security, being aware of email phishing dangers and training staff on how to avoid being victimized is vital to safeguarding your data.
Even though most of us are aware of the phishing problem, we may not realize just how far-reaching it is. As users have become more astute, phishers have also become more sophisticated and, unfortunately, successful. According to the 2019 Phishing Trends and Intelligence Report from PhishLabs, phishing grew nearly 41% from 2017 to 2018. For the scammers doing the phishing, it can be lucrative; the average phishing attack for a mid-size company costs the firm about $1.6 million.
Every person in your company needs to understand how phishing works, why it’s so dangerous and how to stay protected from such attacks. Providing employees with phishing email examples can help show them what to look for.
What Is Phishing?
Phishing occurs when an attacker sends an email that appears to come from someone else, such as a reputable company like Google or Microsoft. The goal of the email is to get the person to open it and provide sensitive information, which could include a username, password or even credit card and bank account information. Good phishing email examples are very hard to distinguish from legitimate emails unless users know exactly what to look for.
According to Statista, the seven brands most frequently impersonated by phishers are:
The emails are designed to appear authentic and are sent from a username or email address that looks legitimate; it could even appear familiar to the recipient, such as looking like it comes from an organization’s CEO or a manager. Phishers typically use a real logo or signature to add to the authentic appearance of the email, and the email will have a sense of urgency or fear — such as saying the reader needs to update a password or make a payment to avoid having their account suspended.
When the user clicks on the link, they are victimized by ransomware or malware. They may lose data or have their computers shut down. In addition to phishing scams via computer, now users can also be phished on mobile devices, through text messaging, by fake ads on websites and apps and by vishing, which is when a scammer uses phone calls or voicemails to attempt to get sensitive data from someone.
How to Keep Your Company Safe from Phishing Attacks
Educating everyone in your company about how to spot a fake email is a good start to protect your company from phishing attacks.
Research from Intel Security shows that 97% of people are not able to distinguish a phishing email from a legitimate one, so start by providing education on what to look for. (This free interactive quiz by Google is a great tutorial.)
Unfortunately, it will take more than that to protect your company from malicious phishing attacks. You also need to make sure you have all the necessary precautions in place to make it difficult for phishers to cast their hook your way. Here are five ways to protect yourself and your company from dangerous phishing attacks.
No. 1: Keep Company Email Addresses Private
It used to be common practice to include the emails of employees on company websites, but the same practice that made it easier for customers to reach them also made them easy targets for phishing.
Publishing email addresses on your company website makes it possible for scammers to create phishing campaigns based on your organizational charts and lure employees into opening emails they think came from a co-worker or superior.
No. 2: Keep Your Work and Personal Email Separate
While it’s easy for your professional and personal lives to blend together, you shouldn’t let your email do the same. Make sure you (and all of your employees) are using work email only for work purposes. When work emails are used for personal purposes, it can lead to a number of problems, including account hijacking and phishing attacks.
No. 3: Watch Out for Shortened URL links
While shortened links are easier to share, they also make great phishing bait. Cybercriminals have figured out that using condensed links like bit.ly removes the name of the domain, which means it’s easier to direct someone to a site that might be unleashing malware or stealing credentials. Sites like CheckShortURL.com are useful for ensuring you’re being directed to a legitimate site. It’s worth the extra step to avoid being victimized by a phishing scam.
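For teams that want to script the same check an expander site performs, here is an added example (not from the original article) that follows a short link's redirects with header-only requests and reports whether the final host belongs to a domain you trust. The short codes, the redirect map, the trusted domain and the function names are all constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed redirect map standing in for the network so the example runs offline.
SAMPLE_REDIRECTS = {
    "https://bit.ly/3ExAmPl": "https://tracker.example.net/r?id=7",
    "https://tracker.example.net/r?id=7":
        "https://login.example.com.account-verify.example.org/signin",
    "https://bit.ly/3ExAmP2": "https://www.example.com/pricing",
}

def head_location(url):
    """One HEAD request, no body download; return the redirect target or None."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Follow redirects hop by hop and return every URL visited, in order."""
    chain = [url]
    while len(chain) <= max_hops:
        target = fetch(chain[-1])
        if not target:
            return chain
        target = urljoin(chain[-1], target)  # Location may be relative
        if target in chain:
            raise ValueError("redirect loop at " + target)
        chain.append(target)
    raise ValueError("more than %d redirects" % max_hops)

def check_link(url, trusted_domains, fetch=head_location):
    """Expand a short link and report whether the final host is a trusted domain."""
    chain = expand(url, fetch)
    host = (urlsplit(chain[-1]).hostname or "").lower()
    # Match the whole host or a subdomain of it; a trusted name merely appearing
    # inside the host (example.com.account-verify.example.org) does not count.
    trusted = any(host == d or host.endswith("." + d) for d in trusted_domains)
    return {"chain": chain, "final_host": host, "trusted": trusted}

if __name__ == "__main__":
    for link in ("https://bit.ly/3ExAmPl", "https://bit.ly/3ExAmP2"):
        print(check_link(link, {"example.com"}, SAMPLE_REDIRECTS.get))
```

The first sample link ends on an HTTPS page whose hostname contains a trusted name but belongs to a different domain, so it is reported as untrusted; drop the `fetch` argument to resolve real links over the network.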
No. 4: Use Unique Passwords
When you use the same password for multiple sites, you increase the risk of giving away sensitive information. After all, it only takes one hack and the scammers can access all kinds of data. This happens more often than most people realize; according to TeleSign, more than half of computer users have five or fewer passwords for all of their accounts, which means a hacker can take down several accounts just by cracking a single password.
Making sure every employee uses unique passwords for every account is kind of like making sure they’re using a different key for every door; if one gets stolen, it won’t provide access to additional entryways.
No. 5: Use Multifactor Authentication Whenever Possible
Multifactor authentication can be particularly helpful in the event that your credentials are compromised, as it requires you to take an additional step and provide more information before being able to log into an account. The device you’re logging into, such as your phone or laptop, can count as one form of authentication if the site is designed to remember it, while your unique password can serve as a second form of authentication.
No. 6: Don’t Take the Phishing Bait
Finally, it’s critical to emphasize to employees that browsing should only be done securely on HTTPS sites. However, this isn’t the final word on secure browsing, since recent reports show that more than half of all phishing sites are now using HTTPS to trick users into providing them with information. This prevents Google Chrome and other browsers from sending a warning that the site may not be secure, so users should make sure they’re looking closely at the site to ensure it’s legitimate before they enter their information.
Keep your company safe in 2020 and beyond by making sure you’re educating employees about how to avoid phishing attacks and that you’re following all of these best practices yourself.