As a business professional, you are no doubt smart, perceptive and far from gullible. Yet, how many times have you come far too close to falling victim to a phishing attack, which would have resulted in the loss of valuable business data? Be honest – how much do you know about this increasingly common cyber-attack? The answer may well be that you don’t know enough about phishing, and that means you and your business are vulnerable to an attack.
We need to “know our enemy” as they say. In case you are wondering, it is pronounced exactly like the word fishing. The clue is in the way it sounds, so let’s explain this using fishing as an illustration, since, even if we haven’t been fishing, almost all of us know the basics of how that works.
A typical fisherman, the one with a chair and a rod at the side of a river or lake, attaches his chosen bait to the hook of his fishing pole and tosses it into the water. What’s the result? An unsuspecting fish swimming by, thinks that this bait is a legitimate meal, unaware of the hook and the fisherman waiting to reel him in.
In the same way that a fisherman deceives the fish, a cyber-criminal who uses phishing tactics deceives his victim, with the goal of tricking them into revealing sensitive information. Remember the fish thinks the bait is a real meal, and in the same way phishing websites and emails etc. can appear very realistic.
For any business, a successful phishing attack can be a devastating blow, especially considering the economic pressures all businesses are facing these days. So, the first reason to protect yourself against these kinds of attacks is to prevent financial loss, either to you personally or to your company. Phishing costs businesses alone 500 million dollars every year!
However, remember that the goal of a phishing attack is to collect sensitive data which can include passwords, customer data, credit card numbers, bank details and more. Understanding what data cyber criminals are after can help us to recognise the importance and danger of such attacks. Take a moment to think about the data that your business holds. What would be the effect financially and reputationally if this information fell into the wrong hands?
Perhaps you spend a significant amount of money on digital security, such as firewalls and other methods to keep your sensitive data safe from hackers. This is an excellent use of resources and something that all businesses should, and need to invest in. However, there is little point in locking the front door if we leave the back door wide open, so to speak. In the same way, since cyber criminals are constantly trying and perfecting new methods, we should make sure that we are protected from all angles. All it takes is one member of staff to fall victim to one phishing attack and your company’s sensitive data could be available to hackers. So now that we understand why this is so important, how can you protect yourself and your business.
There are however some very simple steps you can take to defend your business against phishing attacks. One of the best ways to ensure you’re doing them all is to make use of free phishing resources so be sure to regularly check up on these as they are updated in line with changing tactics hackers use. Here are some excellent tips that can make up a prevention checklist if you will.
Be sceptical – when you receive an email, do not automatically assume that it is from a legitimate source. Check that the email account is a genuine one. You can usually do this by checking that it ends with the company’s domain. If in doubt, check on the official company website for their email address.
Join the grammar police – Many phishing emails contain grammar mistakes and typos. Scan through the email for signs that indicate a lack of professionalism. Also on this point, look out for a lack of personalisation. Emails that begin with “Dear user” instead of your name could be phishing.
Have a zero click policy – Do not click on links in an email without being 100% certain that it is from a legitimate source. Hover over the link so that its web address appears, and you can confirm its destination. Clicking on a link can trigger a download of malware onto your device. Ensure that your employees know and follow the zero click policy. Never click on a link from an unsolicited email!
Look for HTTPS – When you are on a website that asks for you to enter sensitive information such as login information, passwords or bank details look for the padlock icon or the letters https before the web address.
We live in a dangerous world, where digital security is always at risk. However, by being aware of the dangers and by taking simple steps to improve your online safety you can sleep soundly knowing that your data is secure. Remember, be sceptical, don’t click on links and you won’t fall into the phish tank or get caught by a phisher.