How to Prevent Phishing Attacks
More than 100 million phishing attacks occur every day, according to the Office of the Director of National Intelligence. Organizations constantly face the threat of significant financial theft and the loss of critical and sensitive information caused by phishing.
What is phishing?
Phishing is a form of cybercrime in which hackers send fraudulent emails and/or create fake websites to steal money and sensitive information. These emails and websites may contain hyperlinks or attachments connected to malware or ransomware or ask for sensitive information, such as usernames and passwords.
Once more easily detected because of blatant spelling and grammar errors, phishing attempts have become increasingly sophisticated and can now target individuals based on publicly available information (called “spear phishing”) or high-level executives (called “whaling”).
Typically, a phishing email conveys a sense of urgency and often contains some inconsistencies or bad grammar, although this isn’t always the case. To untrained employees, a phishing email could look similar to the types of emails they receive every day.
Your first line of defense
More than ever before, employers must equip their employees to be their first line of defense against phishing attacks. With the right awareness and habits, employees can effectively help stop scams from happening. It starts with these three steps.
- Stop and think before clicking on any attachments. Employees should never click on a link or attachment if they aren’t sure that the content is safe. One of the best ways to check a hyperlink is to hover over it with your mouse and make sure that the web address that pops up is the same as the written version of the hyperlink.
- If things look “phishy,” verify with the sender through a different medium. If employees aren’t 100 percent sure an email or hyperlink is legitimate, they can always try to reach the sender through a different medium, such as a phone call, to check.
- When in doubt, throw it out. It’s better to be safe than sorry. Employees should be encouraged to permanently delete any email that looks suspicious, without clicking on any hyperlinks or attachments.
The following infographic can help employees remember these helpful tips. Please feel free to forward it to others in your organization.
When phishing is on the rise, the stakes are too high to take chances. Make sure that your employees understand what phishing is and how to help protect themselves from it.
If you believe an attack has occurred, notify your IT department immediately. If you are interested in further information or training, contact us using the information below.
Senior Vice President
Technology and Administration
Brian Johnson is an experienced technology executive and consultant with a proven track record of leadership in technology management. As a technology and business leader with more than 30 years of experience, Brian successfully leverages his technology background, business acumen, and people management skills to help organizations link innovative technology solutions to their strategy and mission. Brian’s technology experience and credentials are supplemented by his training as a certified public accountant.
Brian is a frequent speaker and advisor on technology developments and trends. A certified public accountant, he has extensive expertise in IT risk advisory services and has earned the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC) credentials, as well as additional certifications in operations management, systems engineering, and solution development. Brian was named one of the Wichita Business Journal’s CIO of the Year honorees in 2015.
Senior Technology Consultant
Ryan Burrus has been a technology consultant with AGH for more than 15 years. In this role, he advises clients on the best ways to use information technology to meet their business objectives and overcome problems, including system selection and procurement as well as high-level technical assistance. Ryan has worked with clients across a wide range of industries, including oil and gas, retail, healthcare, construction and banking. He has extensive expertise in IT risk advisory services and has earned the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) credentials.