How to recognize phishing and protect yourself
Whether employees are at the office or working from their kitchen table, they’re susceptible to being on the receiving end of one of the most common social engineering tactics. Phishing is a scam where people are manipulated into providing credit card numbers or sensitive personal information (like login credentials) by a bad actor pretending to be a legitimate source (like a colleague, bank or even government institution).
This “wolf in sheep’s clothing” deceives the recipient into not only opening the message but also into clicking on a link or opening a file that can compromise the security of their device and personal or business information. This opens them up to unauthorized purchases, identity theft or the theft of sensitive or proprietary company information.
With many companies choosing to practice social distancing as a result of COVID-19, our work environments have changed to the comforts of home, and we’re relying on digital communication more than ever to stay connected with our colleagues. While working remotely, we need to be mindful that phishing scams still exist regardless of what our work space looks like. In fact, cyber-criminals may look to exploit these uncertain times and unfamiliar work environments. You and your employees can protect yourselves! Here’s how:
Arm your employees with phishing awareness and education
Make sure your team knows the warning signs of a phishing email, like poor spelling and grammar, an implied sense of urgency to complete a task or provide information, appearing to come from someone in a position of authority, limited sender contact information, requests for money or personal information and attachments or links.
They should also slow down and ask themselves if they were expecting this message – does it make sense that the person this message is supposedly from would be sending the message in the first place? If not, the message is likely worth investigating more thoroughly.
Use technology as a safety net
While no anti-virus software can be as effective as applied awareness and education, it’s a great backup!
Many email systems also offer basic security functionality, and can be further configured with additional features or services from third-party vendors.
Keep the lines of internal communication open
Encourage and provide a way for your staff to report suspicious emails.
It’s always better to report an email than to take a potentially devastating risk.
Engage the experts
There are many consulting organizations that focus exclusively on combating the latest evolution of cyber threats and training their clients’ staff to do the same.
We strongly recommend researching and engaging these resources to learn best practices and implement them in your own organization. Proofpoint Inc. is a leader in email security and security awareness training. They have a variety of free tools to help you improve your end-user cyber security awareness, like this phishing identification infographic.
Wherever they’re working, your employees are susceptible to being targeted with one of the most common social engineering tactics: phishing. For tips on how to protect your team and your business from our in-house information security experts, download a free copy of our Security Best Practices E-Book: https://www.payworks.ca/landing-pages/campaigns/security-best-practices-e-book.
