Eight Tips to Avoid Rotten “Phish”
In 2018, e-commerce sales were responsible for nearly $2.4 trillion. In the US alone, e-commerce is responsible for 10% of all sales and is expected to rise 15% per year. Many of these sales are driven by Millennials, who desire instant accessibility, round-the-clock access and a quick turnaround. As a result, businesses of all sizes have had to adapt to the ever-changing digital economy and its global impact. While these technological advances have created a more convenient, cost-efficient way of conducting business, they have also given birth to a more sinister element – cybercriminals.
Hardly a day goes by without the news of yet another cyberattack, resulting in sensitive data falling into the hands of the wrong people. Cybercriminals are becoming increasingly efficient and creative with their phishing methods. Therefore, businesses must come up with equally efficient and creative solutions to block their ill-intended actions.
So, what exactly is a “phishing email”?
Email is one of the easiest and most common ways for a cybercriminal to access sensitive information from your business. Phishing is a type of online scam where cybercriminals send emails that appear to be from legitimate companies asking for sensitive information. Many times these emails contain a link to a seemingly authorized “website,” where any private information entered is sent directly to the scammer.
The term “phishing” is a play on the word fishing, because criminals dangle a “lure” (the email and fake website) hoping users will “bite” by providing information that the criminals can then turn around and use to your significant detriment – such as credit card numbers, account numbers, passwords and usernames. Sometimes, these malicious emails even contain viruses.
It’s much easier (and more cost-effective) to prevent a cyberattack BEFORE it happens than to have to fix the damage afterward. But how? Here are a few helpful tips you can implement to help protect your business from the “bad guys.”
Tip One: Install Anti-Phishing Software on All Machines
Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites, emails or other forms used to access data. Once identified, this software works to block the content, usually by warning the user that the information they are attempting to access is likely malicious. However, most software also provides the option to access the information anyway, so make sure your employees understand what they should and should not be accessing.
Tip Two: Assume All Pop-Ups are Bad Pop-Ups Until Proven Otherwise
While pop-ups can be annoying, they are often implemented as part of a larger online marketing plan. Pop-ups from legitimate websites are fine, but pop-ups are also a common phishing tactic. Most Internet browsers allow users to block pop-ups by default, giving the user an option to display certain pop-ups on a particular website if desired.
It is best to ensure all of your employees are using the same browser and that pop-ups are blocked by default on all computers. If a pop-up does appear or slips past the block settings, make sure your staff knows not to click “cancel” or “close” in the pop-up window. Many cybercriminals link the “X” to a phishing site that will automatically open when it’s clicked.
Tip Three: Go Undercover Like 007
You can take the steps to install all kinds of anti-phishing software, but it is your employees who are your best line of defense and it’s essential that they all know how to spot a scam. An undercover test is one of the most effective ways to ensure your employees have their swords up and are ready to fight. See if any of your employees fall victim to your test. If so, review your basic security and IT procedures when it comes to avoiding cybercriminals.
Tip Four: Keep Your Software Updated
Have you ever received a notification that a newer version of your software is available? Ignoring these notifications can make it easier for your business to fall victim to an attack. Many of these updates are done to close loopholes that phishers and hackers have exploited in earlier versions. If you ignore the update… well, you’ve created a gaping hole in your security. When an update is available, install it right away and make sure your staff does the same.
Tip Five: Erect a Firewall
You can help protect your business with software and training, but a firewall acts as a buffer between your device and a potential intruder. Ideally, you want to halt an attack before ever needing all of the software and training you’ve implemented. Think of a firewall as the moat around a well-fortified castle. Your IT team should have a desktop firewall and a network firewall. One is software and one is hardware. When both are utilized together, they can dramatically reduce the odds of falling victim to phishing scams.
Tip Six: Look for the Security Certificate
It’s not uncommon for a business to supply sensitive financial information or make payments online. However, before providing any data, you’ll want to make sure that the website you are using is secure. Check for the “https” in the website’s URL. There should also be a closed lock icon near the address bar.
Tip Seven: Encrypt Your Company’s Data
Data encryption translates data into code so that only people with an access key or password can translate it into a readable form. If you do fall victim to a cyberattack, using encryption can render any stolen data useless.
Tip Eight: Back Up Your Information DAILY
This really should be a no-brainer. Even if the world were free of cybercriminals, backing up your data isn’t just important – it’s essential. And in a world full of hackers with malicious intent, backing up your data eliminates the need to pay to get your data (or access to it) back.
Since the digital world is constantly changing, there is no way to keep your company and data 100% safe. But by implementing proper software and good practices, you can make it much more difficult for the “bad guys” to win.