How to protect your business from "Phishing"

5 Simple Steps to Staying Secured Against Phishing

Attackers will attempt to gain information or even access your computer using phishing emails. These are often designed to emulate genuine emails from companies such as Amazon or even invoices or other information from clients. There are a number of simple steps that can be taken to lower the success rate of attacks, or to lessen the impact of successful attacks against your business.


30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
— Verizon Data Breach Investigations Report
Nearly 1.5 million new phishing sites are created each month.
— Webroot Threat Report
95% of all attacks on enterprise networks are the result of successful spear phishing.
— SANS Institute

Phishing is a threat to companies of all sizes

With small businesses less likely to be able to absorb the financial hit of a data breach or the downtime caused by an attack, it's important that the whole team is aware of the threat and how to spot a phishing scam.


HERE ARE OUR TOP 5 TIPS TO GET YOU STARTED:

  1. Only use a "Limited" user account, not an Administrator account, for day-to-day activities on your computer.
    This will help lessen the damage if a phishing attack is successful. The Principle of Least Privilege suggests that users should always be given the fewest privileges possible.
     
  2. Check for poor spelling or grammar – or low-quality images.
    Phishing emails are often worded poorly, or use low-quality versions of images such as logos. They can contain links to sites that look real but are actually fake, designed to trick you into entering your login details. The link shown in the email can even be made to look as though it goes to the legitimate site.
     
  3. Does the email address look genuine? It may be a close match.
    Attackers will try to send emails from addresses that either pretend to be from the legitimate site, or that look very similar – sometimes swapping 0's for o's or 1's for I's etc.
     
  4. Support staff that fall victim to a phishing scam.
    If staff are punished for falling victim to phishing emails, they will be less likely to report it in the future. The best way to help prevent your team from falling for these kinds of scams is to go over the phishing email as a group and collectively highlight what parts of the message to look out for in the future (misspelt email address, fake links etc).
     
  5. Run an antivirus scan and change passwords after an attack
    If an attack was successful, change user passwords and run an antivirus scan as quickly as possible. If you reuse the same password on social media or other websites, change your passwords there as well.
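
The "close match" check in tip 3 can also be automated. The Python below is an added example, not part of the original article: it compares a sender's domain with a list of domains you trust and flags look-alikes. The domain list, function names and sample addresses are constructed for illustration, and the check goes slightly beyond the swaps named in tip 3 by also catching "rn" used for "m" and single-character typos.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains your business really deals with.
TRUSTED_DOMAINS = {"amazon.co.uk", "clientcompany.example"}

# Look-alike swaps from tip 3: 0 for o, 1 for l; a capital I becomes "i" once
# lower-cased, so i and l are treated as the same character too.
_SWAPS = str.maketrans({"0": "o", "1": "l", "i": "l"})

def skeleton(domain):
    """Collapse look-alike characters so 'amaz0n' and 'amazon' compare equal."""
    return domain.lower().replace("rn", "m").translate(_SWAPS)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return (verdict, trusted_domain_it_resembles) for a From: header value."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    if not at or not domain:
        return ("unparseable", None)
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for good in sorted(TRUSTED_DOMAINS):
        # Same skeleton = character swap; distance 1 = one-letter typo.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample From: headers, not taken from real messages.
    for header in ["Amazon <orders@amazon.co.uk>",
                   "Amazon <billing@amaz0n.co.uk>",
                   "Accounts <invoices@cIientcompany.example>",
                   "Newsletter <info@someshop.example>"]:
        print(f"{header:45} -> {check_sender(header)}")
```

A "lookalike" verdict is the case worth quarantining or showing to the team; "unknown" only means the domain is not on your list. A "trusted" verdict is not proof the email is genuine, since the From: address itself can be forged.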

WHAT NEXT?

Implementing these 5 simple steps will make a difference to the security of your business and help you stay safe online.

If you would like some further guidance on this or any of the other topics covered on our blog then feel free to contact one of our friendly small business advisors on: 01684 600 001 or
hello@cybersteps.co.uk
