Many of us have clicked on an email that appeared authentic but was not. Those who spot the suspicious elements before opening an attachment or clicking a link are the lucky ones. But sometimes we don’t notice those little things and click things we shouldn’t.
These trick emails are one method of an effective scheme called phishing, run by cybercriminals to get information about you or your company. Even worse, this information is then bought and sold to the highest bidder to do with it as they wish.
At best, an ad agency might send some extra spam emails your way. At worst, your identity may be stolen or your company’s network may be left exposed for all sorts of trouble.
Fortunately, there are many things you and your workplace can do to avoid these phishing attempts.
Tips for Employers
Just asking employees to watch out for suspicious-looking emails doesn’t drive home the urgency of phishing.
Find recent news reports to share with your workforce. When an organization makes the front page for a data breach (usually because an employee opened an infected email), you can explain how something like that could happen to your organization. It’s well-timed, newsworthy, and will be at the forefront of your employees’ minds.
The best thing to do as an employer is to implement a program that encourages security awareness, education, and behavior modification.
Changing up how you deliver that message to employees can be quite helpful. Start with a monthly email, memo, or bulletin. Switch it up with in-person, individualized meetings. Using different approaches will help your message resonate with more employees. It is common to need to communicate a message multiple times for it to stick with everyone.
Tips for Employees
Social media can be your worst enemy. Social networks are abundant with personal information, putting it right at the fingertips of cybercriminals.
Do not post birthdays, addresses, or any other personal information on these websites. We know that many domain and personal accounts use these details for passwords, despite how easily available they are. Even with privacy settings maxed, there is always a way for cybercriminals to obtain the information.
Additionally, cybercriminals are getting more creative, especially with phone numbers. It is becoming very common for criminals to call high-risk employees and ask for information. For example, some of these “phishers” will call, pretend to be from the employee’s company help desk, and say they need to reset account credentials or “require verification” from the user.
When in doubt, don’t give anything out. If something seems off or you don’t know the person, ask for their contact information and look into it. In these cases, it’s better to be cautious than courteous.
Overall, phishing isn’t going anywhere, and it should be incorporated into all online security training for workplaces. As long as people use social networks and email continues to be a primary workplace communication channel, phishing will be a top choice for cybercriminals’ data theft. Protect your business and your employees. You can always contact Tech Experts at (734) 457-5000 if you’d like an in-depth review of any suspicious email you may have received.