Phishing is the use of fraudulent emails appearing to be from reputable companies in an effort to acquire sensitive or secure information from the recipient. Phishing may be attempted to solicit credit card numbers, passwords, social security numbers or other personal or business-related information. Phishing can be particularly problematic in a business situation, where dozens or even hundreds of employees may be accessing emails on company computers.
Phishing generally comes in two broad forms. It may encourage the recipient to voluntarily enter sensitive information into a fraudulent website, believing it is a legitimate website. The second, perhaps more dangerous form of phishing, encourages the person receiving the email to click on a link downloading malware.
The latter can be extremely destructive in a business setting.
How can you minimize your company’s susceptibility to phishing attacks?
Employee Awareness
You may be surprised at how many of your associates are unaware of phishing tactics and the damage they can cause. The best place to start a phishing-prevention program in your company is through training and education. Help them recognize fake URLs and train them to be suspicious. This is not only an awareness issue but an issue of habits and human nature. Phishing has become very sophisticated and even those who may be aware may click on a link before giving it a second thought. Train employees to physically type in the desired address rather than clicking on a link. If there are any questions about the validity of an email or link provided by a seemingly trusted company or client, verify the email through a phone call.
Create an Employee Internet Security Policy
This should include policies on web browsing and password strengths, and it could even involve creating an expiring-password program. Company email passwords should be kept confidential.
Use of Spam Filters
Spam filters can screen a large number of potentially suspicious emails, preventing them from ever getting to your employee’s email inboxes.
Install an Antivirus System
Make sure your company has robust antivirus software and that it is kept up to date. In case a phishing attempt is enacted, an antivirus system can stop it in its tracks.
Keep all Software Updated
Make sure all of your software has the latest patches and updates that may be designed to plug security holes. This is often a never-ending battle.
Create a Reporting System
While it may be tempting to somehow discipline employees who downloaded malware from a phishing attack, you are far better served to set up a prompt reporting system that can make your IT department aware of the problem ASAP.
Training and some practical steps can go a long way in preventing your employees and your company from becoming victims of phishing. You can also go further with encryption and other tactics to elevate security.
PS LIGHTWAVEPS LIGHTWAVE is the consultative data-connectivity provider for public and private entities in the Greater Houston area. We fully understand technology is a moving target and we are extremely familiar with the infrastructure of the Greater Houston area. We are nimble, flexible and responsive, and we embrace leading-edge technologies that improve the customer experience. Visit our website or contact us. Concerned about security? Connect with PS LIGHTWAVE.
