How to Prevent Phishing – 5 ways to avoid your business getting reeled in by scammers
You’ve almost certainly received at least one in the last month – an email claiming to be from a reputable business that wants you to submit your personal account details or a ‘distant friend or relative’ asking you for help or money.
If you have, then you’ve already been targeted by phishers: cybercriminals who impersonate brands, banks, trusted business partners and personal contacts in an attempt to trick you into downloading malware or ransomware, or into visiting fake websites that push you to hand over confidential information such as company passwords, credit card details or bank logins.
According to a recent report on cybersecurity breaches in 2019 released by the UK’s Department of Digital, Culture, Media and Sport, phishing is now the most common form of cyber attack against businesses of all sizes.
The report reveals 32% of UK businesses and 22% of charities had experienced data breaches or attacks in the previous 12 months, and that phishing was the most common method of intrusion, with 80% of those attacked reporting they had been hit by phishers.
Although a lot of phishing emails seem so obviously fake they make some of us wonder who would ever be silly enough to be fooled by them in the first place, the truth is cyber criminals are making millions from their scams every day. They also continue to improve the sophistication of their deceptions, often by directing victims to a spoof website that looks almost identical to the real thing in an attempt to get them to reveal personal information the criminals can then use to gain access to your company’s valuable data or to steal funds.
So with phishing now the most likely way your company will be attacked in the future, our team of London-based IT support experts has compiled 5 actionable steps you can take today to help ensure your business won’t ever take the bait and get reeled in by cyber scammers.
Cyber crime is on the rise and after your hard-earned cash. Fight back and keep scammers away.
1. Train employees and customers to spot possible attacks
New phishing scams are being created all the time so it’s important you keep your employees and trusted business partners up to date with information about the very latest deceptions. By encouraging everyone to stay alert you’re much less likely to fall prey to an attack.
So how can you tell if an email is a phishing scam? Telltale signs include poor spelling and grammar (a lot of non-English-speaking scammers use online language engines to generate text – with poor results) and suspicious URLs designed to look like they belong to a reputable company but which are often shortened or include strange characters that can easily be missed if you’re not on your guard. A good tip is to hover over the link and check whether the address it wants to send you to looks legitimate. If you feel something’s off or you are in any doubt whatsoever, don’t click it!
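The URL warning signs described above, written as a check a mail filter or help desk could run over links pulled from an email. This is an added example, not part of the original article; the shortener list, the trusted domain contoso.example and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed lists for illustration; maintain your own.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TRUSTED = {"contoso.example"}  # hypothetical partner domain

def registered_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def link_warnings(href, shown_text=""):
    """Return warning strings for one link taken from an email."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    dom = registered_domain(host)
    if host in SHORTENERS:
        warnings.append("shortened")
    # Strange characters: non-ASCII letters, punycode labels, or '@' before the host
    if (not host.isascii() or "@" in parts.netloc
            or any(label.startswith("xn--") for label in host.split("."))):
        warnings.append("strange-characters")
    # Lookalike: a trusted name appears in the host, but the link goes elsewhere
    for trusted in TRUSTED:
        if dom != trusted and trusted.split(".")[0] in host:
            warnings.append("lookalike:" + trusted)
    # Hover check: the text shows one address, the link points to another
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", shown_text.lower())
    if shown and registered_domain(shown.group(1)) != dom:
        warnings.append("text-mismatch")
    return warnings

# Constructed sample links (href, text shown to the reader)
SAMPLES = [
    ("https://contoso.example/invoice", "contoso.example/invoice"),
    ("http://bit.ly/abc123", "View your statement"),
    ("https://contoso.example.login-check.test/", "https://contoso.example/"),
    ("https://xn--contso-abc.example/", "Log in"),
]

if __name__ == "__main__":
    for href, text in SAMPLES:
        print(href, "->", link_warnings(href, text) or "no warnings")
```

An empty result only means none of these particular signs were found; it does not show that a link is safe.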
2. Enable or install anti-phishing software
If you’re running Office 365 Business you might already be able to get ATP anti-phishing protection as part of the Office 365 Advanced Threat Protection plan. If you’re an Office 365 Enterprise global or security administrator you can set up ATP anti-phishing policies yourself or we can do it for you.
There are plenty of other email security programs that provide a robust first line of defence for your business, such as Kaspersky, ESET, McAfee etc. And remember that all the most popular internet browsers can easily be customised with an anti-phishing toolbar that constantly runs background checks on sites you are visiting against a list of known phishing sites. If you’re unlucky enough to stumble upon a malicious site the toolbar should alert you to move on. And the best part is this solution is completely free!
3. Put up Firewalls
Firewalls act as a protective barrier between you, your company’s computer network and potential intruders. At UK IT Service we recommend you use two different kinds of firewall: a desktop version and a network firewall. The first is a software solution while the latter is a type of hardware. Employed together they can dramatically reduce your business’s exposure to attacks and infiltration.
4. Check online accounts regularly
Make sure you regularly check any online accounts and email addresses attached to your business, so that if someone has already gained access you can spot them quickly, before they can wreak havoc. Carefully check statements to ensure no unauthorised payments are being made and make it company policy to regularly change passwords. If the worst should happen you should have protocols in place so that you can act swiftly and decisively to stem the breach and limit any damage or loss. IT administrators in particular should have ongoing IT security awareness training – something we at UK IT Service can happily provide.
Be sure to regularly check your apps, software and online accounts for any suspicious activity.
5. If in doubt – report it!
If something feels suspicious or strange about an email or a site, stop what you are doing immediately and report it to your IT department or your IT support provider, or call the company the email is supposedly from to confirm their request for information is legitimate. As a general rule of thumb you should never give out personal or sensitive corporate information over the internet or phone unless you are absolutely certain it is safe to do so. It’s always better to be overly cautious, so make it a habit to check the address of any website you visit (the address of a secure site always starts with ‘https’).
Phishers prey on people who are distracted, naturally curious or complacent about e-safety, so remember to stay vigilant and updated because, statistically speaking, it’s not a matter of if but when you’ll next get targeted by phishers. If you’re still worried about attacks then feel free to contact our London-based IT support experts to discuss how your business can stay cyber secure.