Top 5 Ways to Cut the Phishing Line
Everyone is vulnerable to phishing attacks. Here are 5 proven ways to avoid them and the damage they cause to your business.
One employee clicking the wrong link or opening an infected file can severely expose even the most secure of organizations. Here are five strategies to help your employees and customers become more resistant to cyber criminals.
1. Make it personal
- Engage employees and customers by illustrating how this risk, perhaps more than any other, directly affects them.
- Present information in an engaging way, such as gamification.
- Share stories from the news about real companies and people caught in phishing scams.
2. Remove the stigma
- Explain how cyber criminals socially engineer attacks to catch people off guard, and there’s no shame in taking the bait.
- Establish a system for reporting phishing scams and encourage people to report potential infections as soon as possible.
- Share stories where high-level people fell for a phishing scam, demonstrating it can happen to anyone.
3. Engineer skepticism
- Encourage employees to follow up with colleagues, even those at the highest levels of the organization, if a request or file attachment seems strange.
- Provide an easy way (e.g., a plugin) for employees and customers to submit suspicious messages for review.
- Define inappropriate email requests, such as those asking for passwords or other personal information.
4. Promote message scrutiny
- Teach employees how to evaluate the legitimacy of hyperlinks and sender addresses.
- Explain common tricks used in phishing, like replacing the letters with similar characters, as in app1e.com with a 1 in place of the l.
- Post sample phishing messages on the company website where customers can access them.
5. Train continuously
- Distribute instructions to avoid phishing scams, with examples of the latest tactics, several times a year.
- Conduct phishing simulations to improve employee handling of suspicious messages and collect data about who is vulnerable.
- Add phishing warnings and links to resources to customer communications, where appropriate.
There’s no way to eliminate the phishing threat entirely, but combining good cyber hygiene, like dynamic inbound/outbound traffic monitoring and up-to-date software and patches, with effective training can greatly reduce the risk to businesses and their customers.
For more insights on how to reduce cyber risk, subscribe to our newsletter and follow us on LinkedIn.