Every time I hear the word “phishing,” I can’t help but think about baiting the hook, casting a line, and waiting, waiting, waiting to catch something (preferably not seaweed or an old boot). While this may evoke childhood fishing memories, phishing with a “ph” is bad news.
Phishing is when a person with malicious intent tries to trick you into giving away sensitive information. While everyone should be careful about what they share online, phishers are even more interested in businesses because there is more money to be made from them.
If you own a business, it is your responsibility to make sure that your company and its employees make safe decisions. No defense stops every phishing attack, but there are things you can do to prevent many of them and to limit the damage from the ones that get through.
Educate, Educate, Educate
A company’s private information is only as safe as its least educated employee, so you need to train your staff from the beginning and regularly afterward. Phishers are getting more sophisticated every day, so training that was good enough six months ago might not offer much protection now.
One of the sneakiest ways that phishers “get” people is through cleverly worded emails. The ones that get the most clicks sound authoritative or contain pertinent details that the attackers gleaned from other sources, such as company webpages, social media, and blogs.
Your employees need to know never to click a link or open an attachment they were not expecting without first confirming with the sender through a separate channel, such as a phone call to a number they already have (not one supplied in the email). Unexpected emails from unfamiliar senders deserve suspicion, and everyone should remember that no legitimate company will ask for passwords or other sensitive personal information in an email.
When following links on a company computer, phone, or network, check for https at the beginning of the URL, but understand what it does and does not tell you. https means the connection to the site is encrypted; it says nothing about whether the site is legitimate, and phishing sites routinely use it. Read the domain carefully for misspellings and look-alike characters, and hover over (do not click) any link you get in an email to see where it really goes. The visible text of a link can say one thing while the underlying address points somewhere else entirely, so make sure that any link, whether on a seemingly legitimate website or in an email, actually leads where it claims to.
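The hover-and-compare check above can be automated for an HTML email body. The script below is an added example (not code from the original article): it extracts every link, compares the host shown in the visible text with the host the href really points to, flags links that are not https, and flags punycode (xn--) hosts, which can disguise look-alike domains. The sample email, domains and link texts are constructed for this example.

```python
"""Flag suspicious links in an HTML email body.

Added example, not code from the original article. It automates the checks the
text above tells readers to do by hand: does the link's visible text match the
host the href really goes to, is the scheme https, and does the host use
punycode (xn--), which can hide a look-alike domain. The sample email body is
constructed for this example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that looks like a URL or bare domain (e.g. "www.example.com/x").
LOOKS_LIKE_URL = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/:?#].*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL or bare domain ('' if there is none)."""
    parsed = urlparse(value if "://" in value else "//" + value)
    return (parsed.hostname or "").lower()


def check_link(href, text):
    """Return a list of warnings for one link; an empty list means nothing found."""
    warnings = []
    scheme = urlparse(href).scheme.lower()
    if scheme == "mailto":
        return warnings  # no web host to compare
    href_host = host_of(href)
    if scheme != "https":
        warnings.append(f"not https: {href}")
    if href_host.startswith("xn--") or ".xn--" in href_host:
        warnings.append(f"punycode host, possible look-alike: {href_host}")
    # If the visible text itself looks like a URL, its host must match the real one.
    if LOOKS_LIKE_URL.fullmatch(text):
        text_host = host_of(text)
        if text_host != href_host:
            warnings.append(f"text shows {text_host} but link goes to {href_host}")
    return warnings


def check_email(html_body):
    """Return [(href, text, warnings), ...] for every link in the body."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(href, text, check_link(href, text)) for href, text in collector.links]


# Constructed sample: one display/href mismatch, one punycode host, one clean link.
SAMPLE_EMAIL = """
<p>Your account needs verification within 24 hours.</p>
<a href="http://login.example-bank.com.evil.test/verify">https://login.example-bank.com</a>
<a href="https://www.xn--exmple-bank-x7a.com/">Example Bank support</a>
<a href="https://www.example-bank.com/help">www.example-bank.com/help</a>
"""

if __name__ == "__main__":
    for href, text, warnings in check_email(SAMPLE_EMAIL):
        status = "; ".join(warnings) or "ok"
        print(f"{text!r} -> {href}: {status}")
```

Note what the first sample link shows: the visible text is a valid-looking https address for the bank, while the real destination is an http host under a different registrable domain. That is exactly the trick hovering is meant to catch, and a link that passes all three checks is still only "not obviously fake", not proven safe.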
Phishing goes beyond the digital realm, so be sure to educate everyone at your company about the dangers of hardware devices as well. A USB drive could be strategically dropped in the lobby, picked up by an employee, plugged into a company computer out of curiosity, and used to compromise the entire network.
Test through Experience
Phishing simulation services will send realistic fake phishing emails to your employees and report the results back to you: who clicked, who entered credentials, and who reported the message. This gives you valuable information about where your company security is weak and who needs additional training, and the reporting rate is as important to track as the click rate.
Passwords are a necessary evil in the online world, but the way you set yours up might not protect you as much as you think. There are certain things that you should keep in mind as you set your passwords.
Length and uniqueness protect you more than frequent changes do. Current guidance (NIST SP 800-63B) is to change a password when you have reason to think it was exposed, for example after a phishing incident or a breach notice, rather than on a fixed schedule, because forced rotation pushes people toward predictable variants of the old password. Strong passwords:
- Are not a real word, a name, or a quotable phrase
- Mix numbers, capitals, lower-case letters, and symbols
- Have a minimum of 12 characters
- Are randomly generated (a password manager will do this for you) and used for exactly one account
For actions that are critical to company security, such as moving large sums, changing payroll details, or granting administrator access, set up your systems to require two-person authorization, also known as dual control or the two-person rule. This is different from two-factor authentication, which requires one person to present two kinds of evidence (for example a password and a hardware token). Two-person authorization requires two different people to independently approve the same action, so a phisher who takes over one employee’s account still cannot complete it alone.
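What "two different people approve the same action" means in practice is shown by the added example below (not code from the original article). Each approver holds a personal secret and issues an HMAC-based approval bound to the exact action; the action is released only when valid approvals from two distinct approvers cover that same action. The approver names, secrets and the wire transfer request are all constructed for this example.

```python
"""Two-person (dual-control) authorization for a sensitive action.

Added example, not code from the original article. Each approver holds a
personal secret and issues an HMAC "approval" bound to the exact action being
approved. The action is released only when valid approvals from two *different*
approvers cover that same action. The approver names, secrets and the wire
transfer request below are all constructed for this example.
"""
import hashlib
import hmac
import json

# Constructed secrets; in a real system each lives only with its owner (or in a token/HSM).
APPROVER_SECRETS = {
    "alice": b"constructed-secret-for-alice",
    "bob": b"constructed-secret-for-bob",
}


def canonical(action):
    """Serialize the action deterministically so both approvers sign identical bytes."""
    return json.dumps(action, sort_keys=True, separators=(",", ":")).encode()


def _tag(approver, secret, action):
    # Bind the approver's name into the MAC so one approval cannot be relabelled as another's.
    return hmac.new(secret, approver.encode() + b"\n" + canonical(action), hashlib.sha256).hexdigest()


def approve(approver, secret, action):
    """Produce an approval record for `action` on behalf of `approver`."""
    return {"approver": approver, "tag": _tag(approver, secret, action)}


def verify_approval(approval, action):
    """True if the approval was issued with the named approver's secret over this exact action."""
    secret = APPROVER_SECRETS.get(approval.get("approver"))
    if secret is None:
        return False
    expected = _tag(approval["approver"], secret, action)
    return hmac.compare_digest(expected, approval.get("tag", ""))


def authorize(action, approvals, required=2):
    """Release `action` only if at least `required` distinct approvers validly approved it."""
    distinct = {a["approver"] for a in approvals if verify_approval(a, action)}
    return len(distinct) >= required


if __name__ == "__main__":
    action = {"request_id": "REQ-1001", "type": "wire", "amount": 250000, "payee": "ACME Ltd"}
    a_alice = approve("alice", APPROVER_SECRETS["alice"], action)
    a_bob = approve("bob", APPROVER_SECRETS["bob"], action)
    print("alice + bob:", authorize(action, [a_alice, a_bob]))  # True
    print("alice twice:", authorize(action, [a_alice, a_alice]))  # False: same person counted once
    print("amount changed:", authorize(dict(action, amount=2500000), [a_alice, a_bob]))  # False
```

Two details carry the security value. The approvals are counted by distinct approver, so one phished account cannot approve twice, and each approval is bound to the canonical bytes of the action, so an approval captured for one request cannot be replayed against a request with a different amount, payee or request ID.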
This seems like a no-brainer, but you need to be discreet with your passwords and security questions. Don’t use any security question whose answer you have posted anywhere on social media. Don’t keep a logbook of your current and past passwords; use a reputable password manager instead. And of course, don’t tell anyone your password, including anyone who emails or calls claiming to be from IT.
Don’t Mix Business and Personal
If you reuse the same password everywhere, one phished or leaked credential gives an attacker free rein over both your private and business life, because the first thing they do is try it against every other service you might use. Don’t mix and match.
Last, but not least, you need to beef up your technical defenses. Keep your anti-virus and spam filters updated and properly configured. Send sensitive company information only over encrypted channels, and use browser protections that block known malicious sites and links. Keep personal browsing off company computers and off the company network; it is just asking for trouble. Finally, apply least privilege: restrict access to the company address book and to network resources to the people who genuinely need it, because a stolen address book is the raw material for the next, better-targeted phishing campaign.
There is no sure-fire way to prevent phishing attempts, but you can take precautions to minimize taking the bait.