22nd January 2021

Avoiding Phishing Attacks – Part 2

Cyber security

Identify & Avoid common phishing attacks

Train your Staff Members:

  • Take time with your staff and management team to discuss the ways an attacker could target your business. Make sure everyone understands the risks of malware and how to recognise a suspicious email.
  • Conduct user training so that staff understand how you expect interactions with other businesses to work. People who know the normal process are better equipped to spot an unusual request, such as an invoice for a service you have never used.
  • Encourage users to question suspicious or unusual requests, even when they appear to come from senior people. Make clear that a display name reading "Head Honcho" and a subject flagged VERY URGENT do not make a message genuine: the display name is free text that any sender can set, so the actual sending address, and a quick phone call to the person, are what count.

Set Passwords and User Permissions:

  • Implement the principle of least privilege: give each user the lowest level of permission they need to do their job. If that user then falls victim to a phishing attack, the damage the attacker can do with their account is limited.
  • A strong password policy that is rigorously enforced is another must-do. Insist on a unique password for every account, so that one phished password cannot be reused against your other systems.
  • Insist on two-factor authentication (2FA) on every account that offers it, especially email, so that even if an attacker learns a password they still cannot log in. Bear in mind that some phishing kits relay one-time codes to the attacker in real time, so where a service supports hardware security keys or another phishing-resistant method, prefer that over codes sent by SMS.

Additional Steps:

  • Set up external email filtering and scanning, or Microsoft's Advanced Threat Protection (now Microsoft Defender for Office 365), to intercept malicious emails before they reach users' mailboxes.
  • Install gateway protection using a good-quality stateful firewall with application control, intrusion prevention, packet filtering, and IPsec and SSL VPN support. It should also be able to identify and block attacks, malware and other threats.
  • Switch on the local (host) firewall on every device and make sure users cannot turn it off.
  • Install good-quality anti-virus and anti-malware software on all your systems, and make sure it is automatically updated and monitored.
  • Only install applications on systems and mobile devices from approved sources, and keep them up to date.
  • Install all software and operating-system updates on all systems and mobile devices as soon as they are released.
  • Don't use USB memory sticks to transfer data, and put a process and a technical control in place to prevent their use rather than relying on the rule alone.
  • Tell your suppliers and customers in advance that "we will never ask for your password" and that "our bank details will not change without confirmation by phone on a number you already hold", so that a culture of checking before acting is built up on both sides.
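The two points about spoofed display names and about filtering mail before it reaches the mailbox can be made concrete. The following Python script is an added example, not code from the original article: it parses raw emails and applies a handful of the checks a gateway filter (or a trained user) would apply: an executive's display name on an external address, a look-alike sending domain, a Reply-To pointing elsewhere, failed SPF/DKIM/DMARC results stamped by the receiving server, and urgent payment language. The organisation domain, executive names and both sample messages are constructed for the example.

```python
"""Heuristic phishing triage over raw emails (constructed samples, added example)."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import List, Tuple

# Assumed organisation details (hypothetical, for this example only).
OUR_DOMAIN = "example-business.co.uk"
EXECUTIVES = {"head honcho", "finance director"}   # names attackers like to borrow
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
MONEY = re.compile(r"\b(invoice|bank details|wire transfer|payment|account number)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch look-alike domains (one letter off)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg: Message) -> str:
    """Collect the text/plain body (handles both single-part and multipart mail)."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def triage(raw: str) -> Tuple[int, List[str]]:
    """Return (number of red flags, list of reasons) for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    reasons: List[str] = []

    # 1. Display name borrowed from a known executive, but the address is external.
    if name.strip().lower() in EXECUTIVES and from_dom != OUR_DOMAIN:
        reasons.append(f"display name '{name}' but sender domain {from_dom!r} is external")

    # 2. Sending domain is a near-miss of our own domain.
    if from_dom != OUR_DOMAIN and 0 < edit_distance(from_dom, OUR_DOMAIN) <= 2:
        reasons.append(f"sender domain {from_dom!r} resembles {OUR_DOMAIN!r}")

    # 3. Replies are steered to a different domain than the one shown in From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        reasons.append(f"Reply-To domain {domain_of(reply)!r} differs from From domain")

    # 4. Authentication results stamped by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            reasons.append(f"{mech} failed")

    # 5. Pressure plus money: the classic invoice / bank-detail fraud pattern.
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    if URGENCY.search(text):
        reasons.append("urgency language")
    if MONEY.search(text):
        reasons.append("payment / bank-detail language")

    return len(reasons), reasons


# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: Head Honcho <ceo.office@example-busines.co.uk>
Reply-To: payments@mail-relay-xyz.com
To: accounts@example-business.co.uk
Subject: VERY URGENT - supplier bank details
Authentication-Results: mx.example-business.co.uk; spf=fail smtp.mailfrom=example-busines.co.uk; dkim=none
Content-Type: text/plain; charset=utf-8

Please update the bank details on the attached invoice and pay it today.
I'm in a meeting, don't call.
"""

SAMPLE_LEGIT = """\
From: Head Honcho <ceo@example-business.co.uk>
To: accounts@example-business.co.uk
Subject: Board papers for Thursday
Authentication-Results: mx.example-business.co.uk; spf=pass; dkim=pass header.d=example-business.co.uk
Content-Type: text/plain; charset=utf-8

Attached are the papers for Thursday's meeting. No action needed before then.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        score, why = triage(raw)
        print(f"{label}: {score} red flag(s)", *why, sep="\n  ")
```

The constructed phishing sample trips all six checks; the legitimate one trips none. No single heuristic is decisive on its own (a genuine supplier may well write "urgent invoice"), which is why real filters score several signals together and why staff training still matters for the messages that score low.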

Find out here about the common phishing scams used by cybercriminals and further points to consider when training your staff, and read our Cyber Security Guide to help protect your valuable business information.