Top Ten Anti-Phishing Tips

On August 29th, NU PropertyCasualty 360 ran an article called, “Mitigating the effects of a malware attack”. It said this, in part:

When cyberstalkers go phishing, it can lead to ransomware attacks and the loss of valuable information … The goal of any cybercriminal is to make money through an attack. Access can be gained through systems that have not been updated or patched, but frequently these bad actors get into networks through phishing attacks … attacks are definitely on the rise and cybercriminals are accessing targets through email, phone calls and text messages.

Well, yeah. And we wondered what took so long for an article to present those facts.

The Threat is Real

According to the Federal Trade Commission, phishing is defined as:

a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Then a scammer uses the information to open new accounts, or invade the consumer’s existing accounts.

That threat is real enough for personal accounts and financial data. So, imagine the magnitude of the threat as it pertains to your business accounts and financial data. But you can take a number of steps to protect your assets from phishing attempts:

  1. Back up your data regularly and system and application patches and updates current.
  2. Install a firewall, use spam filters, and encrypt your data.
  3. Install anti-malware, anti-virus and anti-spying software and security monitoring applications.
  4. Teach your people to ignore suspicious email and to report suspected breaches.
  5. Control access to your data and your systems, and keep a record of all system interactions.
  6. Use alerts, flags, or banners to warn people when an email originates outside of your company.
  7. Train your people to spot phishing attacks and run tests to see who can tell a spoof from a legitimate phishing scheme.
  8. Use a password manager that will only allow domains stored in the password manager to auto-populate credentials.
  9. Report imposters to your IT security team so they can find internal compromises and block further inbound emails from look-alike domains.
  10. Notify business partners and remind them not to accept changes in payment instructions without calling you first to validate.
Or …

All of those 10 things will help protect you and your company from phishing attacks.

But the fastest and easiest thing you can do is call us.