What is Phishing and How do You Prevent It?

Cyber threats have become a major concern in the digital industry. According to experts, 93% of data or security breaches come in via phishing scams.  

It might seem like a hopeless endeavour going up against cybercriminals. But there are ways you can prevent phishing scams. In this post, we’ve provided valuable information on what phishing really is and why it’s so important to protect your data. We’ve also provided tips to secure your business and your customers and suppliers from phishing threats.  

By taking the necessary precautions you can prevent costly cyber breaches that threaten the integrity of your organisation as well as your customers and suppliers. Read on to find out more. 

To Be Clear – What Exactly is Phishing?

Phishing is a type of fraud where a cybercriminal poses as a professional in forms of communication such as emails. The phishing email will contain a link that may seem trustworthy. As soon as the user clicks on a link, your entire organisation’s data will be compromised. Hackers will then have access to all your customers and suppliers information. 

Hackers use the email reader as a springboard to access more valuable company data. Phishing can also be used to create identity theft. The hacker poses as an authority and requests password resets across your company’s digital infrastructure. Employees will then reset their passwords not knowing that the request came from a hacker. Once the hacker gains access to all your employees computers they can then retrieve their contacts and steal their information.  

Here is an example of what a phishing scam may look like: 

1. You receive an email from your financial advisor 
2. It looks legitimate
3. They require urgent action to change your password on one of the programs you use to work on 
4. You click on the link thinking it’s safe
5. There is a page that requires your login information
6. You type in the information not knowing that it was a ploy to access your credentials

The catch is the method was designed to be an excellent counterfeit to gain access to your device. But the purpose is not simply to steal your data. The reason for phishing is to gain access to all your contact, customers, suppliers and all their contacts. As soon as a breach occurs, your entire list of contacts are now at risk.  

8 Steps You Can Take to Reduce Your Risk of Being a Victim

Even though you’re a small business, one phishing email has the potential of infiltrating thousands of others after you click on that one link. This will have a detrimental impact on your company’s reputation and you could face legal action from any contact of yours that was affected. 

To help protect the information on your device, we’ve provided 8 basic steps to mitigate data theft through phishing emails. 

1. Reduce What Information You Leave Available to the Public for Scammers

The first step when implementing cyber security is to think like a criminal. Consider for a moment, how you’d use the information on your website or LinkedIn and Facebook to go on a “phishing” trip.

Use these considerations to minimize the information you place on the internet. For example, don’t place your email address on your LinkedIn page. Instead, add a link to your website and allow users to communicate with you through a chat box.  

2. Set Up Automatic Updates

Updates are designed to protect your device from the latest cyber threats. By setting up automatic updates your computer and browser will have an extra layer of protection. So if a staff member does happen to click on a threatening link, you’ll have a level of defence to protect your digital infrastructure. 

The advantages of automatic updates include: 

• Patching holes in security
• Reducing pop-up notifications 
• No action is required on your part
• Optimises security systems 
• Enhances system functionality 

If you don’t update your computer or browser, you could be at risk of phishing attacks through unknown vulnerabilities. 

3. Know What to Look For

Some users don’t know what a phishing scam looks like. Scams can look incredibly authentic so anyone can become a victim. But there are tell-tale signs that give a phishing scam away such as: 

• The recipient uses a wishy-washy Gmail account instead of a corporate email address. 
• There are misspelled web addresses that don’t have the secure padlock icon next to them. 
• The message can have many grammatical errors. 
• It may ask you for personal information such as your banking details or credit card number. 
• The message will have a tone of urgency such as, “your account is in arrears. Click the link NOW to avoid legal action!” 

One aspect to remember is that any reputable company would never ask you for your details over SMS or email. Inform your staff what to look for if they’re presented with a phishing scam. If they’re unsure, they should speak to a team of cyber professionals to ensure it’s safe to proceed to take action. 

4. Just Don’t Follow the Link 

As mentioned before, phishing links will have misspelled words or they may have a slight difference from the original website address. For example, the link may be www.YouTube1.Com instead of www.youtube.com. If you’re not paying attention these small details may be missed. 

To take extra precaution it’s advised not to click on links at all unless you know it’s from a trusted source such as a client or a work colleague. If you’re unsure you can contact the person who sent you the link to ensure its legitimacy. If you have email security, you’ll be informed immediately if the link is untrustworthy. 

5. Be Careful Where You Share Your Information

One of the ways cybercriminals steal information is by convincing the user to enter specific data onto a website. For example, you may accidently share credentials for your CRM system. Cybercriminals will then have access to a list of all your customers.

Before entering your details on a page, ensure the site is secure. One way to tell if a website is secure is to look at the website address. 

If the website address starts with “HTTPS” and there is a closed padlock icon next to it, then the site is likely safe with a secure SSL certificate. This means that any information you enter on the site will be encrypted, making it difficult for cybercriminals to phish your information. 

Don’t use a website if it doesn’t contain a secure web address. It may be vulnerable to cyberattacks.

6. Get intelligent Email Security

Your front line is to use an intelligent Email Security solution that prevents the malicious phishing emails from getting to you in the first place, so you (or your team) don’t have to learn how to spot or identify the threats yourself. The right solution should learn about your communication patterns, who you communicate with regularly and what data you usually share, so it learns to differentiate between the real threats and harmless link sharing between friends.

7. Use an excellent Antivirus (must be Next Generation)

Should anything escape your Email Security, a good computer security solution (or Next Gen AntiVirus) will protect your data and computers from any malicious activity. AntiVirus is a well-known term, but historic AntiVirus is sadly not enough to protect you anymore, as it looks for specific signatures rather than behaviour. Which is why we suggest you look at Next Generation Antivirus, sometimes known as Active Endpoint Detection and Response (ActiveEDR). This will provide a team watching the security alerts, ensuring you are secure from threats to your computer.

8. Use a Suitable Password Manager

Should a threat make its way past your users, Email Security, next generation AntiVirus and a good Password Manager will protect you. A password manager works by not allowing you to fill in your passwords on malicious or fraudulent websites. 

In addition to the protection, it also means you can have secure passwords on every website you visit. You won’t have to think about creating a strong password, or remember it because the Password Manager will do it for you! It can even store Multi or Two Factor Authentication codes to save you from using multiple applications or devices to access your passwords. Here is our top list of reputable password managers:

• Keeper: Best Dark Web Monitoring we have seen. Excellent reporting and admin features for a small business that care about its passwords. Password sharing is easy and it includes 5 free family licenses on the Enterprise level subscription.
• Dashlane – Can store MFA codes, includes Dark Web Scanner and it has a built-in VPN, but doesn’t work with all sites.
• 1Password – Excellent for small businesses and can be installed on any device. Training is limited compared to others, and password sharing is not controlled centrally, but by users. Decent pricing and includes Dark Web monitoring.
• Roboform – Brilliant password manager at a low cost. However, it doesn’t include Dark Web monitoring, which is one of the main features a password manager should have.

Security Everywhere – It’s Time to Secure Your Data and your business

If a hacker infiltrates your systems, not only can it affect you, it can also directly impact your clients and partners, who will be at risk, which could cost you your reputation and income. Prevention is better than cure! At Security Everywhere we provide managed security services to protect your small business.

We offer managed services to protect your business email accounts, computers and can help you set up excellent password security. We also provide cyber training so your staff can be well prepared if they are faced with a phishing scam.

Contact us today so we can assist you with the security you need to protect your small business from the ever-growing cyberattacks threatening you.