7 Ways to Avoid Getting Phished
Malware was once little more than a harmless (though annoying) pop-up ad or a fake tech support link. But in the past decade, hackers have become meaner, greedier, and more willing to destroy a business to get what they want.
From ransomware to credit card number theft, most businesses can’t afford to allow even a small virus to slip through their defences.
Even if your firewall is cutting-edge and correctly configured, hackers have found a cunning way to circumvent all of it: a social engineering trick called ‘phishing’.
When a business is ‘phished’, the hackers research a specific employee and create a fake email that appears to emanate from their boss, co-worker, or a customer in need of assistance. The email typically includes a plausible reason to open the attachment that contains self-loading malware.
So how do you close this yawning gap in your cybersecurity strategy? Here are seven tips to help you train your employees, detect phishing attempts, and keep your business safe from malware infection.
1 Watch Out for ‘Spoof’ Addresses
The basic phishing trick is to spoof an email address of someone the target knows, but there is always a subtle difference. Email addresses are based on domains so the hacker simply buys a similar domain and makes a nearly identical email profile to send from.
Train your employees to watch for discrepancies like the difference between “email@example.com” and “firstname.lastname@example.org”. Spot the difference?
2 Check Your Contacts List
Of course, we acknowledge that watching for single-letter differences in a ‘work’ email address is tedious. Fortunately, modern technology has something to offer. Unless the hacker is pretending to be an unknown customer (no need for a spoof), the real sender should be in your contacts list. If the email seems to be from someone you know but for some reason isn’t in your contacts list, there’s a very good chance it’s a spoof.
3 Use Email Scanning Software
There are a few pieces of software that can help you detect phishing. The most common method is another form of virus scanning in which the program scans all email attachments for signs of malicious programs inside. Another type of software protection is a spoofing check, which watches for those subtle changes that might indicate a phishing attempt.
4 Have an Approved File Sharing Method
One way to ensure that your employees never open any email attachments from their work computers is to have an approved way to share files.
Several public file-sharing platforms – which block malware uploads – are available. Or you could integrate one into your business software suite. That way, whether co-workers or customers want to send a file, first they must upload it to a protected virus-scanning platform and then your employees will access the platform (not download the file) to retrieve it.
5 Watch Out for Pushy Hackers
No longer satisfied with just catching people they can trick into opening malicious files, hackers have ramped up the social engineering to coax your employees into opening attachments by pretending to be customers.
If a customer calls or sends a message insisting that an employee open an email attachment or some other questionable download, don’t do it. Direct them instead to the approved file sharing method. If they hang up, the ‘customer’ was probably a pushy hacker.
6 Reward Employees for Reporting
If you want your employees to adhere to safety protocols, consider offering a reward. While phishing may be a rarity in your business, make sure your employees know that a successfully avoided and reported phishing attempt will result in something like a catered lunch for the team, or a t-shirt, or their picture on a wall.
7 Run Phishing Drills
Finally, one of the biggest problems with keeping your staff alert against malware attacks is that, while businesses are hacked every day, things remain rather quiet until yours is hacked. To keep the staff (everyone from the execs to the mailroom) on their toes about network security, invite your IT team to occasionally stage a few phishing, whaling, and other malware drills each month.
The technicians will have a blast, while everyone else gets a chance to either win a prize or safely learn from their mistakes.