As computer security becomes more and more sophisticated, scammers and thieves are finding it far more difficult to exploit your company and your data. These criminals have moved towards older and simpler methods of exploitation in order to get what they desire, most notably phishing scams.
Phishing scams are any form of communication that appears to come from a legitimate source (your bank, your accountant, your Internet Service Provider or a business partner etc.) Such a message is usually built to appear completely legitimate and will request some form of private information or sensitive company data.
A common example of phishing scams would be an email message from your bank requesting bank account login details. Such scams are becoming increasingly common for businesses and it is important that you be aware of them.
Phishing scams are always evolving!
Everyday criminals come up with new and more convincing methods of tricking your employees into divulging company secrets and sensitive information. Attackers have been known to duplicate entire websites in order to trick your customers or your employees into handing their details over under the assumption they are on a real website.
So always be sure to double check the URL or domain name of the site you are submitting information to. Ensure the little padlock symbol is showing too, especially if submitting credit card information or other hyper sensitive data.
In other cases the attacker will simply phone an employee or even yourself directly, while posing to be someone of importance or authority and proceed to ask you for the information they desire.
Humans are by nature creative and adaptive creatures and these characteristics equally apply to the criminals looking to subvert your information! The tricks these criminals apply will change from day to day so it is of great importance to remain aware of the typical types of attacks.
As a business owner, you must educate yourself and your employees on the principles of these attacks. Since the attacks will differ over time, you must focus on teaching principles on how to identify such attacks. Also ensure you have an effective plan for backing up and securing your data in the case of an issue.
Educating your employees against scams
Employee education is the key step in protecting your company from phishing scams. When the IT security protecting your servers is too strong, the only weakness left for a hacker to exploit (and the most commonly ignored weakness) is your employees.
You might be asking how exactly? The answer is through Social Engineering.
Training Employees to see common Phishing Scams
Your company should consider holding a short training session on the dangers of phishing. This session should include the points found below and instructions on how to contact IT in order to report any suspected phishing scams.
Here are a few basic tips that every employee should know on how to protect themselves from a phishing scam:
- Don’t ever give out your email or network password. In virtually all cases, IT doesn’t need to know, your manager doesn’t need to know, no one needs to know your password except for you.
- Don’t click on links or attachments from sources that you do not know or trust especially so in the case of unknown or suspicious email addresses.
- Question any emails that seem too good to be true. Sorry to say but you haven’t won a trip, $10,000 cash or a free iPad despite what the latest email tells you.
- Avoid pop-ups. Pop-ups that request payment in order to solve a non-existent problem on your network or computer are especially common.
- Know which personal data is personal and which company data should stay internal to the company. This should be obvious in most cases but employees should know what they can and cannot release in terms of information.
- Refrain from mixing your personal life with your work email – it’s an unnecessary risk to the company.
- With respect to an incoming phone call: always question the caller to ensure they truly know you and your company
- Always check where the email address was sent from and check if the email address is a “spoof” of a true email address, for example: firstname.lastname@example.org is definitely a scam email, because Facebook would always send from their .com and it’s highly unlikely they would use a domain like that
Protecting your network
In the case that a hacker is able to penetrate your network using phishing scams you want to ensure you are still adequately protected. The most important thing for you to confirm is that your virus and malware protection is completely up to date and that your backup and disaster recovery policies take into account the potential for a phishing scam to take place.
What Pain could this cause me?
If you do fall victim to phishing scams, the pain caused to you and your business can be monstrous. Firstly, the criminal may steal your information and use it for their own purposes of selling, creating competition or withdrawing money. Secondly, they may blackmail you. By threatening to release all of your private data about you, your employees and/or your clients. Holding this type of data ransom is not unheard of and I hope you will never experience this.
So please, with this pain in mind, ensure you are:
- taking the appropriate actions (as mentioned in this article but please contact us for more help)
- and your employees are remaining vigilant at all times
- you undertake at least some basic and consistent training
- “testing” your employees to see if they succumb to any “tricks”
- Plus more
Nettko can advise on all of the latest phishing scams and more. If you want to fast track your way to safety and security, let us help you. We are experts surrounding all of these matters and would be glad to offer you guidance and assistance. Please reach out to us on our contact page or give us a call on 1300 NETTKO
[jetpack_subscription_form title=”Stay up to date! Subscribe to Blog via Email!” subscribe_button=”Yes! Sign Me Up”]