While you might not be able to stop the bad guys from writing those phishing emails, you can provide employees with the following tools and education they need to fight back.
1) User Training
Users may be the number one security threat, but the right training can turn them into the first line of defense.
Training and education is your first line of defense in fending off phishing attacks. Arming employees with the tools they need to recognize malicious emails is a great first step toward stopping phishing attacks from infiltrating your network.
Employee training, complete with simulated attacks and testing scenarios, is the key to effective user awareness and ultimately, behavior modification. If you need assistance with user training, contact Ontech’s support team by phone at 262-522-8560 or online to discuss how we can best assist you.
2) Verify if you’ve Already Been Breached
To find out if your email address has been involved in a data breach, we recommend going to https://haveibeenpwned.com/. Through this website, you can plug in your email address or password to see if it has been compromised.
If you find that your email address or password was involved in a data breach, it’s time to take action. Change your password immediately, making sure the credentials you choose are meaningful to you, but difficult to guess by anyone else. Follow these password tips to create a secure, yet memorable password.
3) Familiarize Yourself with Various Types of Phishing Attacks
Phishing attacks take many forms – not just email. These are the most common forms of phishing, along with how to recognize a potential attack.
EMAIL PHISHING SCAMS
Most people think of email when they hear the term phishing. In this scam, the email usually includes a link to a spoof website that has been compromised by malware.
Protect yourself by not clicking on embedded links, and by reading the email carefully. When in doubt, notify your IT department or managed service provider.
Vishing is the voice equivalent of phishing and it originates with telephone calls. Criminals on the other end of the line try to harass, bully or sweet talk you into revealing personal information – data they will use to steal files, compromise identities and hurt your business.
When you receive a call, never reveal personal information. Verify the incoming number and write it down for further investigation. It is important to not call that number – just report it to your appropriate manager.
One notorious Vishing attempt is from companies that claim your Google Business Listing may not be claimed or verified. These companies are NOT Google, but may lead you to believe they work for or with them. Google will never ask you for payment information over the phone or guarantee you favorable placement in their products. If you repeatedly receive these calls and want to take action, you can now report these scams to Google.
TECH SUPPORT COLD CALLS
Many users receive these calls, supposedly from helpful tech support operatives. The caller claims there is something wrong with your PC and offers their assistance to fix it.
Of course, tech support representatives do not call you out of the blue, but an unsuspecting office worker might fall victim, assuming the call is from their local IT provider. As with all phishing scams, never reveal your personal information and never grant these criminals with remote access to your computer.
POP-UP WARNING SCAMS
Chances are good you’ve encountered this type of phishing at some point in time. There you are, just surfing away, and suddenly a pop-up appears claiming your machine has been compromised and needs to be repaired immediately.
If you encounter one of these pop-ups, examine the message closely, looking for telltale signs like unprofessional words or images, poor grammar, and misspellings. Also keep in mind that legitimate pop-ups from antivirus software arrive as part of the scanning process, not from random websites.
4) Invest in Security Awareness
Awareness is power, so protect your users with phishing defense tools. There are a number of solutions designed for business use, each intended to increase employee awareness and reduce the chances of a successful phishing attack.
These tools include features such as sandboxing of inbound emails, real-time inspection and analysis of web traffic, and simulations to test user engagement. By themselves or in combination, these tools can greatly reduce the odds of a successful phishing attempt.
5) Invest in a Password Manager
A single click on an infected link could destroy the integrity of your company network and lead to serious consequences for your workers. Criminals often use infected links that send employees to spoof sites – websites that appear to be legitimate but are actually owned by hackers.
The end goal of these attacks is to harvest usernames and passwords, but businesses can protect themselves with a password manager program. These programs use auto-logins to fill in the required information, protecting users and the integrity of the company network.
Phishing attacks affect businesses of all sizes. The recommended solution for your organization is best determined on a case-by-case basis, and we encourage you to call our office by phone at 262-522-8560 or reach us online today to discuss your needs so we can help you find the best fit.
Our sales department is always here to answer your questions, and would be glad to discuss your situation and specific areas of concern. Don’t be the next victim of a phishing attack. With the right education, training, and a proactive approach, you can avoid becoming the next statistic.