How to protect yourself from malware and phishing attacks
Last updated on April 15th, 2020
Phishing is a form of online identity theft or the introduction of damaging viruses and other software into a business. The aim is to steal information or make IT systems unusable until the individual pays up.
Phishing is certainly on the rise again, thanks in part to simple-to-download malware and virus toolkits that are available even to inexperienced “hackers”. It is a global business and worth the effort; it’s all about the money now.
Even though businesses have security systems in place, it’s not unlikely that something will slip through the net at some point. When this happens, the last bastion of defence is the IT users. When phishing attacks are successful, it’s usually down to an untrained member of staff clicking on a link or opening an attachment, so it’s critical that employees fully understand the basics.
Security basics for phishing attacks
So, what areas should businesses be making their employees aware of to protect the business from phishing attacks, either on a website or via SPAM?
1. Protect against SPAM
Users must be educated to look out for emails that:
- Come from unrecognised senders – always check the email address, even if the name is familiar
- Ask you to input personal information – especially if it’s required urgently
- Aren’t personalised
- Try to make you act quickly – often by frightening or threatening you into action
2. Use a phone or secure websites to enter information
When asked to enter personal information, check the status bar of your web browser for a lock icon, or check that the web address in the address bar starts with https://. Also, check that the domain is right (no spelling mistakes or unnecessary hyphens).
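The same domain checks can be automated, for example in a mail gateway or a link-reporting tool. The following is an added example, not code from the original article; the allow-list, function names and the distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation really uses (assumption).
TRUSTED_DOMAINS = ("example-bank.com", "example.org")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, trusted=TRUSTED_DOMAINS) -> list[str]:
    """Return warnings for a URL; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        return warnings + ["no-host"]
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")  # may hide look-alike characters
    # Only an exact match or a true subdomain of a trusted domain is accepted;
    # a trusted name used as a prefix of another domain does not count.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    warnings.append("untrusted-domain")
    # Naive registrable domain = last two labels (assumption: the allow-list
    # contains no multi-part suffixes such as .co.uk).
    candidate = ".".join(host.split(".")[-2:])
    for d in trusted:
        if candidate.replace("-", "") == d.replace("-", ""):
            warnings.append(f"hyphen-variant-of:{d}")
        elif 0 < edit_distance(candidate, d) <= 2:
            warnings.append(f"misspelling-of:{d}")
    return warnings
```

An empty result only means none of these specific checks fired; it does not prove a link is safe.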
3. Be wary of links and downloads
When opening web pages or emails you should only really be opening attachments or downloads when you are expecting them, even if you know the sender.
4. Don’t send sensitive information via email
Email is quite a simple technology and is often targeted during attacks. You just don’t know who could gain access to your emails, either in your mailbox, whilst travelling over the internet, or in the recipient’s inbox.
5. Watch out for links in emails which ask for personal information
The best way to get a target to enter sensitive information is to send an email which looks exactly like an email from a company the target deals with. It’s very unlikely that these organisations would ask for sensitive information from within an email, so pick up the phone, call the company and check.
6. Pop-ups usually mean danger
It’s extremely unlikely that a legitimate organisation will use pop-up windows.
- Never enter any personal information into a pop-up window
- Do not click links in a pop-up
7. Have multiple layers of security
Ensure that you have the basics in place, such as:
- SPAM filters
- Firewalls with zero-day threat protection
- Anti-virus and anti-malware software on your servers, laptops and other devices
8. Think when you receive a phone call
It’s now becoming more common for attackers to call their target, often pretending to be from the IT team or the bank. They then direct you to a website that will steal your information or allow them to access your machine. Always be wary of callers, and call them back if necessary.
Staff should also be careful when entering sensitive information, clicking links or opening attachments and downloads they aren’t expecting. If you train them in what to look for, you drastically reduce your chance of a breach. As stated before, the majority of attacks are now targeting the end-users and, at times, can breach defences – even at large firms.
Do you require cybersecurity training for your business? Contact us today to chat with a consultant.