9 Top Tips to Prevent Corporate Phishing Attacks

Corporate Phishing

It is vital for all companies to recognise the role their staff play in the security of information. Corporate employees hold the credentials (such as passwords, ID documents, usernames and security clearances) and the general knowledge that are of utmost importance to anyone trying to breach the company’s security and gain information. One way in which an intruder can obtain this protected information is through phishing. This is classed as any attempt by electronic means to steal sensitive information like passwords, usernames, credit card details, etc., for malicious purposes, by masquerading as someone trustworthy. In a business context, this means getting the necessary information to gain access to otherwise protected networks, data, etc.

The gaining of trust from the victim is crucial to the success of this activity, and since we now live in a digital age, gathering information has become much easier than before. There are various methods of phishing used by attackers which can have a very negative impact on a business and its employees. These include:

  • Sending an email containing an embedded hyperlink which redirects the recipient to a non-secure website which requests sensitive information;
  • Attempting to obtain information by telephone by pretending to be a member of the IT department or a known business contact;
  • Installing a Trojan horse in a malicious email, via an attachment or advertisement, which enables the sender to exploit loopholes and thus steal restricted information. (A Trojan horse is a malicious computer programme, which dupes the user into installing it, by representing itself as a free gift, something useful, entertaining, etc.)

9 Steps To Educate Its Employees About Phishing

In order to prevent such abuse, a company can take the following steps to educate its employees about phishing:

  1. Conduct training sessions on this topic, with mock phishing scenarios;
  2. Install a spam filter on all company systems which detects blank senders, viruses, etc.;
  3. Keep all systems up to speed with the latest security patches and updates;
  4. Install anti-virus solutions, and monitor the anti-virus status on all equipment;
  5. Use a web filter which blocks malicious websites;
  6. Make use of a security policy which includes password expiration and complexity;
  7. Ensure that all sensitive company information is encrypted (this is defined as the encoding of information or messages in such a form that only authorised personnel will be able to read it);
  8. Require that all telecommuting employees have encryption;
  9. Convert HTML emails into text-only ones, or disable HTML ones.
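
As an illustration of steps 2 and 9, here is an added example (not part of the original article) that flags a blank sender and converts an HTML email to text-only form, writing each link's real target next to its visible label so that the embedded-hyperlink trick described earlier becomes visible. The sample message, its domains and the names `LinkRevealer` and `to_text_only` are constructed for this illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); the domains are placeholders.
SAMPLE = """\
From:
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today.</p>
<p><a href="http://login.example.net/reset">https://intranet.example.com/reset</a></p>
</body></html>
"""

class LinkRevealer(HTMLParser):
    """Renders HTML as plain text and writes each link's real target after its label."""
    def __init__(self):
        super().__init__()
        self.out, self.href, self.label, self.mismatches = [], None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        # Text inside <a> is collected as the link label, everything else as body text.
        (self.label if self.href is not None else self.out).append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = "".join(self.label).strip()
        self.out.append(f"{label} [link target: {self.href}]")
        shown = urlparse(label).hostname  # None when the label is not a URL
        if shown and shown != urlparse(self.href).hostname:
            self.mismatches.append((label, self.href))
        self.href = None

def to_text_only(raw):
    """Returns (plain_text, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if not parseaddr(str(msg.get("From", "")))[1]:
        findings.append("blank sender")
    part = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkRevealer()
    parser.feed(part.get_content() if part else "")
    parser.close()
    findings += [f"link text shows {l} but points to {h}" for l, h in parser.mismatches]
    return " ".join("".join(parser.out).split()), findings
```

Calling `to_text_only(SAMPLE)` returns the readable text with the true link destination inline, plus two findings: the blank sender and the label/target host mismatch.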

These are just a few of the multiple measures which companies can take against phishing attacks, which threaten their security and integrity. They should keep up with current anti-phishing measures to ensure they can recognise and eliminate new threats as they evolve. It is just as important to ensure that all employees are aware of these types of threats and how to avoid them. Properly secured systems and informed staff are key in preventing theft of sensitive data from your business through malicious activities of this kind.

Picture courtesy of www.ifsecglobal.com
