Phishing attacks are very complex and deliberate. Attempts at acquiring sensitive information can come in many ways. Most popularly, through emails, although they may come from phone calls, websites, and by regular mail. Their main objective is to end up with some type of critical information that gives them further access to a system, computer, or an account.
Several phishing attempts are done by gathering small bits of information over several attempts, and they may use multiple communication channels. Often, they pretend to know you or possibly even work for a company partner or client. Everyday users are the largest threat to a company’s data security. That is why educating all staff and being alert is one of the best preventative measures your company could take.
How best to educate your staff on phishing attack prevention:
- Verify the source of the outside communication
- Some phishing attempts may appear as if they are from Microsoft, an IT company, a bank, co-worker, family, friend, or pretty much anyone. This can include getting a case number and contacting an already known or published line.
- Open another Internet window to research the company, website, or software product can help confirm authenticity.
- Do Not Click on ANY unknown links, emails, or programs
- Review the sensitive information employees shouldn’t provide over the phone
- For example: Names, contact information, ID numbers, Network information, WIFI Passcodes, and even vendor information
- Get proactive & protect yourself by setting up your Firewall & Anti-Virus
- Configure your firewall & your wireless network to have complex passwords
- Install an up-to-date anti-virus that watches your emails and looks for spyware
- Make sure to update your anti-virus regularly
Planning for a security breach emergency:
Even with taking these steps to educate, you will still need to have a plan in case of emergency.
- Ensure all employees know who to contact for help or questions
- Even with the smallest mistakes, employees need to know who to contact for help – someone to review their actions and determine their next steps. It is always worth placing a call or sending a screenshot to an IT professional, instead of ignoring the unknown. This small step can save hours, if not days of trouble.
- Constantly share information and prioritize continued education
- Don’t let the conversation of company security or IT security happen only once. Share this information, new information, and especially current phishing attempts. If you receive a phishing attempt through business lines, there is a good chance others in your company will receive it. This will prevent others from becoming a victim to phishing attacks.
To learn more about how you can protect your business from future threats and ensure data security, contact our specialists today!