We’ve previously addressed the vitality of working cybersecurity into your training program for new and existing employees, but let’s look at a way to enhance email security by training staff in phishing prevention.
When a breach in security happens, it can cause huge problems for your business and while your employees can be your greatest asset, if they’re not trained properly in email security, they can become your greatest downfall.
One of the most common types of cyberthreats that can occur is phishing.
What is Phishing?
Phishing is a cyber-attack that uses disguised email as a weapon, making it one of the easiest traps your employees can fall prey to.
A sophisticated phishing attack often disguises itself as something that’s marked important and urgent; something that your employee would definitely want to see – like a message from their bank or doctor or someone higher up in the company. The email will often contain a link or an attachment. As soon as your employee clicks that link or attachment, you’re in trouble. Those links and attachments can either download malware straight onto your employee’s computer or they can continue the ruse and coerce your employee into handing over sensitive, secure information.
How can you spot Phishing?
So you know what phishing is in concept and more importantly, what damage it can do to your company. But when you’re going about your day to day, in or out of the office, how can you realize when you’re being targeted by a phishing attack? Well, here are some things to look out for:
- Email is from unknown/unexpected sender
- Email contains an abnormal amount spelling/grammar errors
- Message has an unusual sense of urgency
- Signature in the body of the email doesn’t match the sender’s email address
- Seems too good to be true
- When you hover over a link, the destination doesn’t match with what you would expect it to be.
- Sender’s name resembles someone you know but looks slightly altered (a zero replaces an “o”, 1 replaces an “I”).
- Requests personal information (account numbers, SSN, passwords, etc.)
- Email is from someone you know but doesn’t align with what you know of them (Example: Someone in sales asking for your personal bank account information)
What do you do when you’ve received a phishing email?
Once you’ve identified a phishing email, the next step is to properly dispose of it. One of the tools we use is called the Phish Alert button, a free email plugin created by KnowBe4. With one click of the Phish Alert button located in the upper-right corner of your Outlook toolbar, you will completely remove the email from your mailbox and forward it to Microsoft’s support team to be used to improve their spam filtering.
Don’t have a Phish Alert button, but know you need one? Let us know and we’ll contact you to discuss your installation options.