
This article was published on March 23, 2018

11 security strategies to protect your company from phishing attacks

Story by Scott Gerber

Scott Gerber is the founder of Young Entrepreneur Council (YEC), an invite-only organization comprised of the world’s most successful young entrepreneurs. YEC members represent nearly every industry, generate billions of dollars in revenue each year and have created tens of thousands of jobs. Learn more at

With the number of major cyberattacks and security breaches increasing every year, it’s imperative for businesses to make security a top priority. Phishing — commonly executed by sending fraudulent links and attachments via email in an attempt to get the reader’s personal information — is one of the most prevalent cybersecurity issues, and you and your team need to know how to avoid these types of attacks.

As hackers get more sophisticated in their methods, businesses must keep up with the latest trends and educate themselves on how to identify an email scam. We asked members of Young Entrepreneur Council about the most effective anti-phishing tactics. Their best answers are below.

What is the most effective way you have found to protect your company from phishing attacks?

1. Train your employees to recognize scams.

My company receives a number of phishing attempts every day. Our employees have been directed through training to forward to a single person any and all emails that seem random, suspicious, uncharacteristic or contain any links that were not expected. It’s important to embrace even the false alarms to encourage the employee to continuously question suspicious attempts in the future. – Stephen Hetzel, BidPrime

2. Use two-step verification.

An example of how two-step verification (or a two-factor authenticator) works is, you sign in with a password and then a code is sent to your phone to verify the login attempt. Turning on two-step verification adds an additional layer of security for companies and helps protect your accounts from phishing attacks. – Brett Farmiloe, Markitors Website Development

3. Have regular security health checks.

Once every three months, we review major security issues in the industry. We talk about big events that have happened and what could have been done to prevent them. These have been very effective and are quite fun for staff to attend. – Nicole Munoz, Start Ranking Now

4. Continually update your software.

Training is essential to reduce the risk phishing attacks pose, but businesses can’t rely on every employee doing the right thing when faced with a sophisticated phishing email. Most phishing attacks attempt to exploit vulnerabilities in software — vulnerabilities that are often fixed in the most recent versions. Keeping all software up-to-date is the most effective way to combat phishing. – Vik Patel, Future Hosting

5. Secure your browsers.

The most common form of phishing involves the impersonation of a trusted website. If people foolishly attempt to log in to a website without first checking the URL, this could lead to information theft. To combat this, all work computers in my company run an extension called HTTPS Everywhere that verifies the correct URL and security features for every webpage. – Bryce Welker, CPA Exam Guy

6. Use different passwords.

With so many online tools and platforms to use for your business, some may decide to use one password for all logins, but that is a huge mistake. There are many login tools that can save your company from phishing attacks. I use LastPass, which lets you have one master password for all of your logins. It then creates randomized passwords to help protect you against phishing attacks. – Solomon Thimothy, OneIMS

7. Hold mock drills for phishing attacks.

The best way I have found to educate my staff is to send ‘mock’ phishing emails. I monitor in the backend if they click on the link, delete it or mark it as spam. These emails also help me test the antivirus that is installed on our system. You can find mock emails and links on Google. This small exercise helps a lot. Prevention is better than a cure. – Piyush Jain, SIMpalm

8. Use Google Chrome.

When it comes to security, I’ve found that Google Chrome is the way to go. It will notify you if a website is suspicious, tell you why and ask you if you really want to click on the link. This extra level of security helps protect employees and companies from potential hacks. – Syed Balkhi, OptinMonster

9. Install reliable antivirus software.

Use antivirus software. It’s simple, but a lot of companies don’t use it. Once it’s installed, educate your staff on how to identify a potential phishing attack and how to avoid falling prey. – Andrew Schrage, Money Crashers Personal Finance

10. Never click links within emails. 

Phishing attacks almost always depend on someone making a mistake such as clicking on a fake link in an email. Make sure everyone in your business is educated on this issue. Make a simple rule: never click on links, especially from financial institutions, in emails. If there’s even a 1-percent chance that a link is fake, it’s better to be safe and type the URL in your browser. – Kalin Kassabov, ProTexting

11. Look into blockchain security.

We use a blockchain infrastructure for our security framework that essentially blocks phishing attacks so we can protect our own data and our customers during every transaction. – John Rampton, Calendar