With the ever-changing digital economy and its global impact, small to mid-sized businesses are on guard and on careful watch. With so much news on cyberattacks and with cybercriminals becoming increasingly creative with their methods, companies are looking for ways to out-clever the fox, so to speak.
First of all: What exactly is a “phishing email”?
Phishing emails are messages that appear to be official but are in fact fake. The goal is to trick your staff into supplying information or providing access to your systems, such as entering a password or clicking on a site that is infected.
They say that in some sporting events, defense is everything, which raises the question: what is a good anti-phishing defense? The easiest way to avoid a phishing email scam is to think BEFORE you click. Only click on websites that are trustworthy. Only respond to emails when you are sure of the source.
When working with numerous departments and many different employees, it can be hard for IT to control and question every email that comes in, though. So it’s up to the users to help you defend the organization.
Tip One: Have All Machines Install an Anti-Phishing Toolbar
Have your staff use Internet browsers that can be customized with anti-phishing toolbars. These toolbars run a quick check on each site the user visits and match it against lists of known phishing sites. The toolbar will alert the employee if the site they land on is malicious.
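How a list lookup of this kind can work, as an added example that is not from the original article or from any particular toolbar product. The blocklist entries, domain names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample list; a real toolbar pulls its entries from a reputation feed.
BLOCKLIST = {
    "login-example-bank.test",           # a whole domain is listed
    "files.example-host.test/invoice",   # only one path on a shared host is listed
    "xn--bcher-kva.test",                # an internationalized name, stored as punycode
}

def normalize_host(host):
    """Lower-case, drop a trailing dot, and convert Unicode names to punycode."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # malformed names are left as-is and simply will not match

def candidates(url):
    """Yield every lookup key for a URL: the host and its parent domains,
    each with and without the leading path prefixes."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = normalize_host(parts.hostname or "")
    labels = host.split(".")
    segments = [s for s in parts.path.split("/") if s]
    # Stop before the bare top-level label so "test" or "com" alone is never a key.
    for i in range(max(len(labels) - 1, 1)):
        domain = ".".join(labels[i:])
        yield domain
        for j in range(1, len(segments) + 1):
            yield domain + "/" + "/".join(segments[:j])

def is_known_phishing(url, blocklist=BLOCKLIST):
    """Return the matching blocklist entry, or None if the URL is not listed."""
    entries = {entry.rstrip("/") for entry in blocklist}
    for key in candidates(url):
        if key in entries:
            return key
    return None
```

Matching whole domain labels rather than substrings is what keeps a legitimate site from being flagged just because its name appears inside a listed one.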
Tip Two: Don’t Let Employees Trust a Pop-Up
While pop-ups can be a legitimate part of a website, they are also a common phishing tactic. Most browsers allow users to block pop-ups. If a pop-up does appear or slips past the block setting, train your staff not to click any “cancel” or “close window” buttons on the screen, since these might take them to the phishing site. Instead, tell your staff to click on the “x” at the top corner of the pop-up.
Tip Three: Test Your Staff and Phish Yourselves
Will your people fall victim to a phishing scam? It’s hard to manage users all the time and predict their judgement.
An undercover test is a great way to find which employees may fall prey. If any of your people get caught, then it is a good thing to reiterate some basic security and IT training when it comes to managing emails and avoiding cybercriminals.
Tip Four: Users Should Keep Browsers Up to Date
Popular browsers often release security patches in response to current trends. These patches close loopholes that phishers and hackers find and exploit. Don’t ignore messages about updating your browsers. When an update is available, install it right away and tell your staff to do the same.
Tip Five: Leverage Firewalls to Stay Safe
Firewalls are made to protect your company. A firewall serves as a buffer between your device and a potential intruder. There are different kinds, so keep in mind that your IT team should have both a desktop firewall and a network firewall. One is software and the other is hardware. When both are used together, “teamwork makes the dream work” by dramatically reducing the odds of falling victim to phishing scams.
Tip Six: Verify a Site’s Security Before Engaging
Businesses often need to supply sensitive financial information and make payments online. If a website is secure, however, you’ll be fine. Before submitting information, check for “https” in the URL. There should also be a closed lock icon near the address bar. Look for the website’s security certificate.
Tip Seven: Encrypt Your Company’s Data
Cybercriminals are hiding in the shadows, on the prowl, waiting to attack, and they will go after any type of data you have lying around. Hackers look for data like banking information and social security numbers. Wherever a small to mid-sized business keeps important, sensitive data, the IT department must ensure that it is encrypted.
Tip Eight: Companies Should Back Up Daily
If you back up your data at least daily, you can revert to the backup files if your computers or servers get locked. This eliminates the need to pay a cybercriminal to get the data (or access to it) back.
There is no way to keep your company and your data 100% safe, but you can and should reduce your company’s vulnerabilities. A few simple, cost-effective measures can make a big difference in decreasing both the likelihood and the financial effect of getting hacked.