Your company is likely already equipped with the latest anti-virus software to prevent viruses and Trojan horses from making their way onto your company computers, where they could compromise your system and data. But phishing scams aren’t as easy to thwart with anti-virus software.
That’s because the software or link itself may not be dangerous to the computer, but the scam artist behind it could mean trouble for your business.
Phishing scammers use deceptive practices to gather your personal information. For instance, they may send legitimate-looking emails to employees. These emails often appear as if they’re from services your employees commonly use. The email may ask them to visit a link and re-enter their password or “confirm” their credit card number.
The consequences of phishing can be serious: not only will attackers be able to access your accounts with the data they’ve been given, but they can also gain access to higher networks, possibly compromising multiple accounts or large amounts of sensitive information.
Successful phishing attacks can result in compromised accounts and financial information, contacts being mined and sent emails, and, in worst-case scenarios, stolen identities.
Phishing is more common than you think—156 million phishing emails are sent every day, and up to 80,000 people fall for these scams daily. The top industries targeted by phishing scams are payment services, financial services and the retail/service industries, so stay extra vigilant when dealing with emails coming from companies in these industries.
Once this information is entered, the crook can use that information to his advantage. If it’s something like passwords, he can hack into sensitive company data. Here’s how to protect your company from phishing attacks.
Develop a Company Email Policy
You can reduce the risk of phishing attacks by ensuring your employees are following strict guidelines. Since many phishing attacks come through email, a good policy about work emails should be in place. Here are a couple of guidelines you might want to include:
- Do not use work email for personal use or to sign up for third-party sites or newsletters.
- Use a password manager or change your password every 3-6 months.
- Report suspicious emails to management.
- Company information—such as credit card numbers—should not be shared without authorization at any time, even if you are contacted by the credit card company.
Perhaps the best way to ensure your business doesn’t fall victim to phishing scams is to educate your employees about how to spot them and what to do if they encounter one. Phishing emails tend to share these warning signs:
- They contain mismatched or misleading URLs.
- They generally use poor spelling and grammar.
- They ask for personal information, such as bank account information, passwords, or answers to security questions.
- They ask you to send money.
- The message includes unrealistic threats, such as closing your account if you don’t respond to the email.
As Entrepreneur says, phishing emails often include urgent subject lines, such as “Warning: You Must Update Your Account Immediately” or “Notice: Your Account Has Been Suspended.”
These are all ways you can spot phishing scams, but what do you do about them? First, inform employees that they aren’t to open these emails. If they happen to open one before realizing it’s a scam, instruct them not to click on any links in it. Regardless of whether they shared any sensitive information, have them report the emails to upper management.
Enable Password Safety Measures
One of the easiest pieces of data for crooks to steal through phishing scams is passwords. They send an email that looks legitimate and leads to a page where users have to input a password.
Once they know that password, they can get into other accounts that use the same credentials. Start by developing a policy in which employees can’t reuse passwords. Then, use additional security measures, such as a password manager, for sensitive accounts so that even if hackers have the passwords, they can’t get into the accounts.
Keep in mind that even accounts that don’t house private data can cause huge problems. For instance, a scammer may gain access to one employee’s email password. They can then use that account to send a seemingly trustworthy email to other employees to gather their credentials for other accounts, such as company credit card numbers.
Now that you have a better idea of how to combat phishing attacks, what steps will you take to minimize security breaches in your company?