Phishy Business: 8 Tips to Protect Your Company

August 24th, 2017 by admin

Phishing emails can seem impossible to avoid. Hackers have grown increasingly sophisticated in disguising phishing emails, but there are still a few signs that give them away. Here are eight things you should be aware of to avoid getting “hooked” (as well as some tips for how to respond if you do).

With the world moving rapidly toward digitalization, cybercrime is more widespread than ever before. Phishing attacks in particular have become bolder and more sophisticated, and they are one of the most prevalent security hurdles that both individuals and businesses have to tackle on a regular basis.

The intent of a phishing attack is to obtain sensitive data in order to gain access to protected networks or computers. Hackers achieve this by including an authentic-looking link or attachment in an email which, if you open it, infects your computer or directs you to a web page that asks you for private information. According to cyber security agencies, almost 20% of phishing emails get opened in the workplace. This includes clicking the included malicious link or opening the infected attachment.

While phishing email scams may seem unbeatable because they often appear to be sent by trusted sources, here are a few things businesses and individuals can do to safeguard themselves against these attacks.

Tips to Protect Your Business from Phishing Emails

  1. Be cautious of emails requesting private information: Particularly information related to bank accounts and credit or debit cards. Legitimate businesses will never demand confidential information by email, and most financial institutions will not request your credentials or authentication details except when you are the one reaching out to them.
  2. Always check the source: Hackers can send emails that appear to come from a co-worker's email account and, in some situations, can take over that account completely. If your supervisor or co-worker sends an unusual request, ask them about it offline.
  3. Fake domains that look real: These are often used by hackers to fool users who don't always look closely at the part after the '@' in an email address. For example, google.com vs. g00gle.com. ALWAYS check the domain name and URL before clicking anything, and pay special attention to spelling errors.
  4. Don’t get sucked into the urgency: Hackers will often play on your emotions and try to make their phishing emails seem urgent so that you are less likely to notice the little things (like a fake domain name). They may say that your account will be shut down if you don’t click the link, that information will be deleted, or that your computer has been infected.
  5. Forms in emails: Never enter private information into forms embedded within emails. The sender is often able to track all information entered.
  6. Links in email: Don't ever click links in an email unless you are completely sure they are authentic. Instead, open a new browser tab and type the URL into the address bar yourself. A phishing site will usually resemble the original, so look at the address bar to confirm that you are on the real site.
  7. Check a site’s security: It’s common to be a bit cautious about providing sensitive financial information online, but as long as you are on a reliable website, you should not run into any difficulty. Before you submit any private information online, ensure the site’s URL starts with “https” and that there is a closed lock icon beside the address bar. The lock only means the connection is encrypted, and phishing sites can display it too, so check the domain name as well.
  8. Have a backup plan: If anyone in your company does click on a phishing link, your best defense is to have a solid backup and recovery plan. Keep at least three copies of your important data. One of those copies should be kept offsite to provide the best protection.

Remembering these tips will keep you ahead of the game, but if you do accidentally give out your private information (such as account IDs or passwords), immediately go to the real website and do the following:
  • Change your password
  • Set up 2-factor authentication
  • Verify your recent account activity and all of your personal information (including contact info and password hints or recovery phrases)
