According to a phishing study conducted by KnowBe4, employees in the insurance, manufacturing and technology industries click phishing emails or open infected attachments more than employees in other industries. However, no industry is immune to phishing attacks. Use the following practical tips to protect your company from phishing attacks.
1. Recognize spam.
Emails designed to gather and steal information can be disguised to look like they originate from a legitimate company. Check every email carefully before you open it, and look for this and other signs of spam. Spam emails often:
- Originate from an unrecognized sender.
- Ask for confirmation of personal, financial or banking information.
- Contain a sense of urgency.
- Threaten to contact the police or another organization if you don’t comply.
If you notice any of these signs, mark the email as spam and delete it.
2. Use secure websites.
Employers may need to order or pay for items online. In this case, they should only use secure websites to share personal or financial information. A lock icon on the browser status bar and an https URL indicate that the site is secure.
3. Carefully update information via email.
Cybercriminals can practically duplicate the look, logo and other details of a legitimate company as they attempt to steal data. Your employees should always verify that the email is from the right company before they submit personal, financial or other secure information. Even then, they should use caution since anyone can hack into email and access the sensitive data it contains.
4. Avoid clicking on certain links, files and attachments.
Links, files and attachments from unknown senders may contain a virus or spyware that can compromise your entire network. Remind employees not to click on email links, files or attachments from senders they do not know or are not expecting.
5. Beware of pop-ups.
Annoying pop-ups can also be a tool cybercriminals use to gather sensitive data. Legitimate companies do not gather information via a pop-up, so employees should not click on pop-ups, copy a pop-up’s web address into a browser or enter personal information into a pop-up screen.
6. Utilize IT security measures.
Your computer system should feature IT security, including a firewall, anti-virus and anti-spyware software, and spam filters. Update these measures regularly, and instruct your employees to keep them intact.
7. Hold frequent training.
Human forgetfulness and evolving phishing scams require you to host frequent cybersecurity training. Training teaches your employees to recognize and avoid phishing scams and can dramatically decrease risks.
Phishing scams can harm your company now and into the future. In addition to purchasing cyber insurance, protect your company by taking these practical steps.