Small businesses are under threat from a variety of sources, both internal and external, but phishing is the most pressing. The NIST Computer Security Resource Center defines phishing as a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
Types of Phishing
Standard phishing is the most common type of phishing. These attacks typically involve mass emails sent to large groups of people.
Spear phishing is a targeted attack aimed at a specific individual or organization, often involving the use of personal information to make the email seem more credible.
Whaling targets high-ranking executives or other individuals who have access to sensitive information. This kind of attack is more sophisticated as the victims are often tech-savvy.
Vishing (voice phishing) uses phone calls or VoIP (Voice over IP) messages to trick victims into revealing sensitive information.
Phishing Prevention Best Practices
Watch for overly generic content
Cybercriminals send emails in large batches, so the content is often generic. Look for greetings like “Dear valued customer.”
Examine the "From:" email address
The first part of the email address may look legitimate, but the last part might be off by a letter or may include a number in the usual domain.
Look for urgency
Be wary of messages that pressure you to act immediately, such as “You’ve won! Click here to redeem prize,” or “We have your browser history pay now or we are telling your boss.”
Check all links
Hover over each link and check whether the address shown matches the destination implied in the email.
Look for errors
Notice misspellings, incorrect grammar and odd phrasing. These might be a deliberate attempt to bypass spam filters.
Check for secure websites
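Any webpage where you enter personal information should have a URL that starts with https://. The “s” stands for secure, meaning the connection is encrypted; it does not by itself show that the site is legitimate, so still check the domain name.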
Don't click on attachments
Attachments containing viruses might have an intriguing message encouraging you to open them such as “Here is the schedule I promised.”
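The "From:" address check described above can be automated. The following is an added example, not code from the original page: it flags sender domains that are one letter off from a trusted domain or that swap a digit in for a letter. The allowlist, the sample headers and the function names are assumptions made for illustration.

```python
# Added example: flag "From:" domains that imitate a trusted domain.
from email.utils import parseaddr

# Assumption: constructed allowlist of domains the business really deals with.
TRUSTED = {"mybank.example", "payroll.example"}
# Digits commonly swapped in for letters (0->o, 1->l, 3->e, 4->a, 5->s, 7->t).
DIGIT_LOOKALIKES = str.maketrans("013457", "oleast")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, imitated_domain) for one From: header value."""
    # parseaddr separates the display name from the real address, so a
    # display name that merely contains a trusted address is ignored.
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if "@" not in addr or not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", None)
    normalized = domain.translate(DIGIT_LOOKALIKES)
    for good in sorted(trusted):
        # A digit swap or a one-letter difference from a trusted domain.
        if normalized == good or edit_distance(normalized, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Accounts <billing@mybank.example>",
    "Accounts <billing@myb4nk.example>",
    '"billing@mybank.example" <alerts@mybannk.example>',
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

An "unknown" verdict only means the domain is not close to anything on the allowlist; it is not a sign that the sender is safe.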
3 Steps To Protect Your Business
Conduct Regular Security Awareness Training
Keep your employees prepared to deal with any security threats that come your way by keeping them up to date on the latest security landscape and best practices through regular training.
Perform Routine Testing To See Whether The Training Is Effective
It’s critical to consistently evaluate the success of your security training through quizzes, surveys and mock tests.
Deploy Quarantining Solutions That Stop Phishing Attacks
Businesses can protect themselves from the harmful effects of phishing attacks by deploying quarantining solutions that help stop phishing attempts in their tracks.
Managed Cyber Security services from Pollock Company provide a robust combination of advanced tools for cyber protection in every aspect of your business.
Let us show you how we can safeguard your endpoints, your email accounts, your data, your applications, and even your identity! Contact us to get a free cyber security assessment today.