Cyber threats evolve quickly as technology grows more complex, but there’s still one constant element at the core—the human element. The evolution of technology allows us to be connected more than ever before. Social media, online shopping, online banking and bill pay have become routine because of it. In the workplace, the evolution of technology makes processes more efficient and, over time, has changed the way we work. Servers and data centers make email, file sharing and video conferencing all possible. Infrastructures are put in place to help protect the information we send across the network, but people make mistakes, while others create trouble. Big business or small, your company can still fall victim to phishing scams because 95% of cyber-attacks are caused by human error. Phishing relies on this imperfect human element to be successful, which means individuals need to work on self-defense to avoid phishing scams easily.
Phishing is a cyber-attack via email or a malicious website that is designed to collect usernames and passwords in order to steal important documents or customer account information. The attack typically comes in the form of an email that appears to originate from a trusted source, like a company leader, benefits officer, a bank, or another familiar acquaintance, to trick people into passing over sensitive information. The information is used to steal money or identities, and by the time IT figures out something has happened, the damage is already done. Building knowledge and training your staff can minimize the risk your company will become the latest victim of phishing.
Verizon, Snapchat, Apple, Target, the IRS, banks and, recently, a hospital in California have all been victims of phishing scams. Phishing is a sophisticated cyber-attack, but the more you know, the easier they are to spot. We’re listing the top 10 steps companies and individuals can take to protect their identities and assets.
1. Conduct regular training sessions on cybersecurity.
Although human error triggers most cybersecurity threats, your employees should not feel like the problem. Through regular training, employees can empower the solution and help close vulnerabilities. Preventing these attacks with open communication as a team protects everyone from potential loss.
2. Email protection is a must.
Spam filters do a lot to protect inboxes from bad email, but really good phishers make emails and websites appear legitimate. Pay attention to the warning signs.
3. Be cautious.
Never put sensitive information in an email or on a web page linked from email. Go directly to the company’s site by typing in their URL and logging into your account. Only proceed if you see the security padlock icon or the URL starts with “https://”. If you’re still unsure, call the company’s customer service phone number to make sure they actually sent the email.
4. No one should ask for your information directly.
Banks, utility companies, government agencies, business contacts and acquaintances will not ask for sensitive information through email. If they do, or they urge you to verify by clicking or sending a form, it is a phishing attack.
5. Never click links in email.
Target was receiving suspicious emails that lead to the theft of customer credit and debit information. This phishing attack cost Target . This is the consequences of phishing attacks. Money can be lost in revenue, cost of recovery or even lost jobs.
6. Limit access to the Internet.
Companies should set control policies to let people access only what they need when it’s appropriate. Employees need to understand company security policies from day one, and receive regular updates on acceptable network usage. Individuals need to also become aware of the risks to connecting with various Wi-Fi networks, public or private, and limit online activities to the appropriate time, device and network.
7. Consider cybersecurity insurance as part of your security program.
The cost to insure outweighs the risk of loss, as these attacks can ruin a business. Afognak Native Corporation, a company based out of Alaska, lost $3.8 million in a phishing scam last year; they were able to recover most of the those funds. Not everyone is so lucky, especially if they are not insured.
8. Understand that every industry is at risk.
Currently, the industry most vulnerable to attacks is the healthcare industry. W-2’s for employees and health and account information for patients are what attackers are hunting. In busy businesses such as hospitals and healthcare facilities, training on cybersecurity can often fall by the wayside.
9. Test employees by sending a fake email.
To help measure how much your employees know about phishing. Use the results to show how many people clicked the link or provided login information. During a follow-up session, review their performance and explain the dangers of phishing.
10. Take cybersecurity seriously.
If your company is compromised by a phishing attack, you will lose your customer’s trust and credibility in your industry. If security is somewhat lax overall, then the cost to recover data and repair your image after a breach may become insurmountable. Be sure your company takes both proactive and reactive steps to protect from hackers.
And the final, ultimate rule is—stay aware. Practicing each step will significantly decrease your risk of phishing attacks and keep you ahead of the curve. If you fall for a trick, treat it as swiftly as you would when someone leaves the company.