[BreachExchange] 6 Tips To Keep Yourself & Co-Workers Safe From Phishing Attacks

Audrey McNeil audrey at riskbasedsecurity.com
Fri Apr 27 18:13:42 EDT 2018


http://www.itbriefcase.net/6-tips-to-keep-yourself-co-workers-safe-from-phishing-attacks

There is a growing concern among businesses about phishing attacks. What’s
phishing, you might ask? Phishing is a form of spam where hackers try to
steal your personal information by tricking you.

An example of phishing might be when you receive an email claiming it’s
from Amazon and asking you to log into your account. If you’re not
careful and don’t look for any warning signs in the email, you could
voluntarily give your private banking information away by accident. Yikes.

These phishing emails are getting so good that 97% of people cannot
recognize a phishing link. Because so much business is done online
these days, you can imagine how stressful phishing attacks can be for large
companies. When phishing happens to an individual, it’s a pain, but when it
happens to a company, it can cause problems for millions of people.

Without a cybersecurity plan, your business could be at stake. While you
may know what phishing is, there’s a good chance a lot of your employees do
not. Anyone with access to company computers should be aware of
cybersecurity best practices, and in this article, we’ll go over the most
effective tips.

Tip #1: Show how cybersecurity can hit close to home

When establishing a cybersecurity plan at work, you could go on and on
about how a data breach would be horrible for business—but be honest with
yourself, do you really think employees care about the bigger picture? The
truth is, you need to explain and demonstrate a breach of privacy to show
employees just how devastating it can be.

Luckily, big data breaches like Equifax have been front-page news, so most
people realize it is a problem. By explaining how employees can avoid
phishing at home, with their own bank accounts and families, the point
might hit a little harder. Give employees actionable tips to use in their
own homes, plus the cybersecurity tips that matter most at work.

Tip #2: Learn to sniff out phishing scams

To prevent cyber criminals from doing damage to your company, instruct
colleagues and employees to be vigilant when trying to decode an iffy email.

Here are the things to look out for that can be a sign of a phishing email:

- It comes from someone they don’t know
- It comes from someone they have not received mail from before
- It is not something they were expecting to receive
- It looks odd and has unusual spellings or characters
- It does not pass your antivirus program test

If the occasion arises where you or an employee accidentally does click a
phishing link, honesty is key. Let everyone know about the suspicious
email, because chances are you aren’t the only one who received it. Plus,
if company info is at stake, it needs to be handled before the risks
escalate. If a phishing link is clicked, here’s what to do immediately to
lessen the damage and hopefully discourage any foul play.

Tip #3: Keep computers and phones updated

Because smartphones are basically mini computers in your pocket… Guess what
phishing scammers are going after now? You guessed it: phones. Keep your
devices updated—especially those with security software on them.

There are consistently new forms of malware popping up that are trying to
get past your antivirus software and firewalls, so keeping devices updated
is one way to stay ahead of the scammers. You should also double-check that
your wireless connection is secure—that’s a big one!

Tip #4: Create strong passwords

If you’re training colleagues and employees to be safer with fishy emails
and links, one actionable tip is to ensure everyone creates strong
passwords for their accounts. Not only their email accounts, but any other
online account connected to your company could be in jeopardy. Think
content management systems, project management systems, and communication
applications.

A strong password is one that contains at least one uppercase letter, at
least one number, and at least one special character. Mix in some of these
characters to make your password a lot tougher to guess, and don’t choose a
word that could be easy for a hacker to try. That means you should steer
away from using your name, your birthdate, or any other telling details
that a cybercriminal could find out with a little research. You should also
refrain from using the same password for multiple sites. A strong password
could be the last line of defense you have.

Tip #5: Add two-step authorization to email accounts

Because email is primarily where phishing attacks happen and also where a
lot of company information is shared, you should focus heavily on locking
down all employee email accounts with two-step authorization. Two-step
authorization is exactly what it sounds like: It is a process requiring two
steps (instead of one) for you to log into your account. So, if a criminal
stole your password, they would try to enter it, but then they’d be taken
to one more screen stating it will send a code to your phone via text or
call. You’d then have to enter that code on the screen for access.
Obviously, the criminal won’t have your phone, and they therefore cannot
hack into your account.

Tip #6: Make cybersecurity training mandatory

Yes, even for the C-suite. The weakest link in your business is the human,
and if every single human in your business is not up-to-date on the latest
cyber threats, you’re risking the livelihood of your entire company. To
ensure nothing falls through the cracks, arrange that every new and
existing employee receives proper training in cybersecurity, alongside some
well-placed policies that enhance security. It’s recommended to
continuously re-evaluate your cybersecurity program and implement annual or
occasional refresher sessions that go over new threats.

Conclusion

Protecting your company from cyber attacks and phishing attacks is not
always simple, which is why you should take the matter very seriously.
Implementing mandatory cybersecurity training and using personal messaging
to help employees understand and care about phishing attacks are two
important tips for keeping your data safe.

Of course, sometimes mistakes happen. We are only human, after all! Though
you can’t always be perfect, taking the right steps to prevent phishing
attacks will definitely help keep important company information private.
Just remember to always be wary when using the web, and relay this
information to your colleagues to form a tight circle of trust.