With the number of major cyberattacks and security breaches increasing every year, it’s imperative for businesses to make security a top priority. Phishing — commonly executed by sending fraudulent links and attachments via email in an attempt to get the reader’s personal information — is one of the most prevalent cybersecurity issues, and you and your team need to know how to avoid these types of attacks.
As hackers get more sophisticated in their methods, businesses must keep up with the latest trends and educate themselves on how to identify an email scam. We asked members of Young Entrepreneur Council about the most effective anti-phishing tactics. Their best answers are below.
What is the most effective way you have found to protect your company from phishing attacks?
1. Train your employees to recognize scams.
My company receives a number of phishing attempts every day. Our employees have been directed through training to forward to a single person any and all emails that seem random, suspicious, uncharacteristic or contain any links that were not expected. It’s important to embrace even the false alarms to encourage the employee to continuously question suspicious attempts in the future. – Stephen Hetzel, BidPrime
2. Use two-step verification.
An example of how two-step verification (or a two-factor authenticator) works is, you sign in with a password and then a code is sent to your phone to verify the login attempt. Turning on two-step verification adds an additional layer of security for companies and helps protect your accounts from phishing attacks. – Brett Farmiloe, Markitors Website Development
3. Have regular security health checks.
Once every three months, we review major security issues in the industry. We talk about big events that have happened and what could have been done to prevent them. These have been very effective and are quite fun for staff to attend. – Nicole Munoz, Start Ranking Now
4. Continually update your software.
Training is essential to reduce the risk phishing attacks pose, but businesses can’t rely on every employee doing the right thing when faced with a sophisticated phishing email. Most phishing attacks attempt to exploit vulnerabilities in software — vulnerabilities that are often fixed in the most recent versions. Keeping all software up-to-date is the most effective way to combat phishing. – Vik Patel, Future Hosting
5. Secure your browsers.
The most common form of phishing involves the impersonation of a trusted website. If people foolishly attempt to log in to a website without first checking the URL, this could lead to information theft. To combat this, all work computers in my company run an extension called HTTPS Everywhere that verifies the correct URL and security features for every webpage. – Bryce Welker, CPA Exam Guy
6. Use different passwords.
With so many online tools and platforms to use for your business, some may decide to use one password for all logins, but that is a huge mistake. There are many login tools that can save your company from phishing attacks. I use LastPass, which lets you have one master password for all of your logins. It then creates randomized passwords to help protect you against phishing attacks. – Solomon Thimothy, OneIMS
7. Hold mock drills for phishing attacks.
The best way I have found to educate my staff is to send ‘mock’ phishing emails. I monitor in the backend whether they click on the link, delete it or mark it as spam. These emails also help me test the antivirus that is installed on our system. You can find mock emails and links on Google. This small exercise helps a lot. Prevention is better than a cure. – Piyush Jain, SIMpalm
8. Use Google Chrome.
When it comes to security, I’ve found that Google Chrome is the way to go. It will notify you if a website is suspicious, tell you why and ask you if you really want to click on the link. This extra level of security helps protect employees and companies from potential hacks. – Syed Balkhi, OptinMonster
9. Install reliable antivirus software.
Use antivirus software. It’s simple, but a lot of companies don’t use it. Once it’s installed, educate your staff on how to identify a potential phishing attack and how to avoid falling prey. – Andrew Schrage, Money Crashers Personal Finance
10. Never click links within emails.
Phishing attacks almost always depend on someone making a mistake such as clicking on a fake link in an email. Make sure everyone in your business is educated on this issue. Make a simple rule: never click on links, especially from financial institutions, in emails. If there’s even a 1-percent chance that a link is fake, it’s better to be safe and type the URL in your browser. – Kalin Kassabov, ProTexting
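As an added illustration of tips 5 and 10 (not part of the original article or any contributor's answer), here is a short Python check that flags links in an email's HTML whose visible text names one domain while the link actually points to another, or whose target is a raw IP address or a punycode host. The sample email, the domains and the reason labels are all constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Constructed sample email body; every domain and address is made up.
SAMPLE = """
<a href="https://www.examplebank.com/help">examplebank.com/help</a>
<a href="https://examplebank.com.verify.example/login">https://www.examplebank.com/login</a>
<a href="http://203.0.113.7/reset">Reset your password</a>
<a href="https://xn--exmplebank-q2a.example/">Click here</a>
<a href="mailto:help@examplebank.com">help@examplebank.com</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def check_links(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()  # "" for mailto:/relative
        shown = DOMAIN_RE.search(text)
        name = re.sub(r"^www\.", "", shown.group(1).lower()) if shown else ""
        reasons = []
        if re.fullmatch(r"[\d.]+", host) or ":" in host:  # IPv4 / IPv6 literal
            reasons.append("ip-literal-host")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode-host")
        if host and name and host != name and not host.endswith("." + name):
            reasons.append("text-href-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings
```

These are heuristics: a flagged link is a reason to type the address by hand or report the message, not proof of fraud, and an unflagged link is not proof of safety.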