3:00 min read
Phishing can be a company’s worst nightmare. According to Google, phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Many security measures can be in place to guard against human security risk, but without proper knowledge provided to individual employees, one email with an attachment can compromise everyone. According to EdTech Magazine, one third of employees in America are falling for phishing scams.

Got a minute? Try a free interactive security training module.

Phishing scams are becoming more sophisticated, fooling anyone from the new hire all the way to the CEO. If employees aren’t educated and brought up to date on the latest phishing scams, companies leave themselves more susceptible to breach. Phishing scams also increase at times when there are major data breaches with large companies. Some examples of companies who have been hacked in the last year are Uber, Deloitte and Equifax. According to the FTC, the Equifax breach affected 143 million people accessing their social security numbers, birthdates, addresses, and driver’s license numbers. After the breach, Equifax even inadvertently directed people to a fake version of its own hacking help page. The seriousness of phishing should not be overlooked. Wombat reports 3 reasons end users fall for phishing attacks:

  • Users aren’t aware of the phishing threat;
  • Users are aware of the threat, but don’t know what to do about it;
  • They are, for better or for worse, human.

Expecting employees will never click on a bogus attachment is unrealistic; however, keeping employees in the dark about phishing is a sure and certain way to compromise a company.

10 tips for employees to decrease their chances of getting hooked:

  1. NEVER open a hyperlink within an email, especially if it is from an unknown sender. If you are curious about the hyperlink, instead of clicking on it, simply type the web address into your browser yourself. Since it is estimated that more than half of all emails are spam, with the number of malicious links on the rise, it is important to resist the urge to click on that link.
  2. NEVER enter sensitive information into a pop up window. It’s best to restrict pop-up windows unless you are sure the source is trustworthy. When closing a pop-up window, don’t click ‘cancel’, but click on the small x in the top corner. Sometimes phishing scammers use the ‘cancel’ button to their benefit.
  3. NEVER send personal or financial information in an email. Unless it’s your bank or other financial institution that you’ve contacted first, they don’t need to know.
  4. ALWAYS be suspicious of any email with URGENT requests for information.
  5. ALWAYS verify HTTPS on the address bar. The ‘S’ confirms a secured, legitimate channel for data transferring. If the address bar merely shows ‘HTTP’, do not share any confidential information.
  6. ALWAYS call to verify if you are unsure about an email. Pick up the phone and call the sender if you have any doubt as to whether or not the email, or request for personal information, is legit.
  7. ALWAYS turn on two-factor authentication. This requires a password along with another piece of information such as a code sent to your phone or an app.
  8. ALWAYS educate yourself on current phishing practices. This will help ensure that you won’t unknowingly become a victim to these scams. Here is an example of a phishing scam targeting Google.
  9. ALWAYS check your accounts periodically for suspicious activity. Calendar the reminder.
  10. ALWAYS have a backup plan. No matter how educated and prepared you are, there is always a chance that you will fall prey to a phishing scam. Make sure you have a strategic plan to follow in the event of a hack.

Remember, there is no foolproof remedy for phishing, but these tips will help decrease the likelihood of compromise.