Yesterday, I received an urgent call from a client whose employee mistakenly launched a virus onto her computer. The employee (and consequently, the business) fell victim to a malicious phishing attack. Phishing is an attempt by cyber thieves to acquire your private information such as usernames, passwords, client data, and credit card information by disguising themselves as a trustworthy source in an email message.
I’ve seen an unprecedented rise in phishing attempts, especially during the holidays. Cyber thieves rely on our hectic year-end schedules, online shopping sprees, travel plans and generously giving hearts to catch us off guard. They craft clever email messages that coax us into clicking on an infected link. In turn, individuals and entire organizations become vulnerable to security breaches.
So it’s important, especially during the holidays, to stay alert and not let yourself or your employees fall victim to phishing schemes. Here are five things you can do now to help prevent lost information, protect client data and avoid unnecessary downtime:
1. Set up fake phishing emails to find internal culprits.
Did you know that your IT partner can send out fake phishing emails to your employees? It’s a logical step in finding your in-house culprits. Once you know the most vulnerable employees, your IT partner can help set up a company-wide Internet Security Awareness Training program (see #2). The holidays are a great time to start a fake phishing email campaign!
2. Set up an Internet Security Awareness Training program.
Your IT partner can help you develop a company-wide Internet Security Awareness Training program. As you know, people, not technology, are often your weakest link in cybersecurity. The most effective way to secure the human element is to establish a security awareness program that can be implemented on a regular basis. (Most people need frequent reminders to develop good habits!)
3. Check the adequacy of your antivirus AND malware protection.
Do you have adequate antivirus AND antimalware protection? There are many free solutions out there, and several paid ones. Before choosing, do a little research to see which one covers you best. Remember, paid is not always the best.
4. Keep your computers updated.
Computer updates are easy to overlook because they force you to interrupt your day. They are also one of the simplest things you can do immediately to protect your system. Set a regular schedule (say, every Monday before you jump into your work) to make sure your computer is updated. Pay attention to all notifications regarding updates to your antivirus software, web browsers, firewalls, and operating systems. Ignoring any of these essentially leaves cracks in your defense system.
5. Enforce strict password policies.
Train your employees on the importance of strong passwords. Do NOT use the same password on more than one website; use a unique password for each site. You may even use small phrases, but don’t use common ones, like the Gettysburg Address. Use something like “I love my d0g Stella and b0xer!” Notice how there are letters, numbers, and special characters like spaces and an exclamation point.
6. Enforce strict policies for travelers and remote workers.
Traveling and remote workplaces are part of our modern business lifestyle. Cybersecurity hazards increase with the risk of stolen or lost equipment (laptops, phones, tablets), spyware and insecure hotspots. Your IT partner can help you set up policies and train traveling employees to avoid the dangers that come along with being mobile.