Top Anti-Phishing Tips for Your Business
Just as science and technology continue to move forward and evolve, so too do the ways in which scammers ply their trade. Where they once may have relied on phone calls or even face-to-face interaction, today’s scammers are now using more advanced means to reach a larger group of potential victims. It is not always individuals that are being targeted, however; small- and medium-sized businesses are looking for ways to defend themselves from increasingly frequent cyber attacks, including phishing emails.
How Do Phishing Emails Work?
Phishing, just like real fishing involves the simple act of tossing out a hook and hoping to get a bite. Phishing emails arrive in your inbox looking like legitimate emails, in the hopes that you will respond to them as such. They may thus trick you into supplying either information, or even access to your systems if you enter a password or click on a link to an infected site.
With the prevalence of phishing email cyber attacks, it is important to take any and all steps that you can to protect yourself and your business. With so many emails passing through multiple departments and travelling to and from many employees, it falls upon the individual to maintain security.
Here are some tips to help keep your company safe:
- Install an Anti-Phishing Toolbar on all Machines
Your staff should be using internet toolbars that can be customized to include anti-phishing toolbars, which can check the sites that users visit and compare them to a list of known phishing sites. The toolbar can then alert the user to the malicious nature of the site.
- Never Trust a Pop-Up
Not every pop-up is going to be part of a fishing tactic, but this is one of their popular tools. Fortunately, most browsers allow you to block pop-ups. If one manages to slip past the block setting, however, your staff should be made aware that clicking on “close window” or “cancel” might actually bring them to the fishing site. They should instead be trained to click on the “X” in the top corner of the pop-up.
- Try Phishing Yourselves as a Test
It can be difficult to know how your employees will react in a given situation. Will they exercise sound judgment? Even with training, they may not. A good idea, then, is to perform an undercover test to see how they respond. If any of your employees respond incorrectly, it would be a good idea to review the training and go over security and IT training as pertains to email and cyber crime.
- Keep Your Browsers Up to Date
This is a simple enough tactic, but one that can be overlooked fairly often.
The popular browsers tend to be quite good in responding to current trends by releasing patches that correct the loopholes that hackers and phishers use. When you receive notifications about updates, it can be tempting to ignore them and think “maybe later” but you should have your staff install them right away.
- Make use of Firewalls
The purpose of a firewall is to keep your company safe. There are both software and hardware firewalls, designed to protect your desktop and your network. These should be used in unison in order to dramatically improve your security.
- Always Check a Site’s Security Before Sharing Information
There are many situations in which your business may need to share sensitive information or make payments online. This is perfectly valid, but before doing so, you should ensure that the website is secure. Some ways of doing this include looking for the “https: in the URL and checking for a closed lock icon by the address bar. Check also for the site’s security certificate.
- Have Your Data Encrypted
Your IT department should always ensure that your sensitive data is encrypted. Hackers are always looking for unprotected information.
- Do Daily Backups
Always keep a backup of your data, made at least daily. This will allow you to revert back to it if needed and prevents a cyber criminal from holding stolen data hostage.
While it is impossible to ensure your data is 100% safe, there are definite steps that should be taken to be as secure as possible. Better to spend a little time and effort protecting yourself than the expense of rebuilding from a cyber attack.