How to prevent phishing
Phishing attacks are becoming more and more prevalent, particularly since the pandemic lockdowns. Scammers have taken advantage of the fact that more people are working and shopping online to develop ever more sophisticated techniques to get past security measures designed to stop phishing. Even people who consider themselves to be fairly security-savvy can fall victim as the scams get more convincing. So what can you do to prevent phishing in your organisation? Here are some tips.
- Help people recognise phishing attacks when they come in – Educate your team to recognise the signs that an email might not be legitimate. Phishing emails are crafted to look legitimate, but some things should definitely ring alarm bells: typos and spelling errors, the inclusion of attachments or requests to click on links, unprofessional-looking graphics, an emphasis on urgency (for example, requiring the recipient to verify their email address quickly), and a generic salutation such as ‘Dear Customer’ rather than the recipient’s name.
- Be wary of links – Key to avoiding a phishing attack is making sure that everyone in the organisation understands how important it is to check links in emails or messages, even when they know the sender. Most people know not to click on unsolicited links, but scammers can spoof the addresses of people you know and are highly skilled at persuading people that it is OK to click. At the very least, show people how to hover over a link to check that it looks legitimate, or teach them to go directly to the site in their browser rather than clicking the link. If you use an online mail filtering platform, it will often use “URL rewriting”, which changes any URLs sent to your staff so that when they click a link it is scanned first to make sure it does not lead to a malicious site.
- Be very wary of popups – Users should be just as wary of interacting with unexpected popups on the websites they visit as they are of clicking on unsolicited links. Popups can be an effective way of getting malware onto machines.
- Check that websites people use are secure – People should not give their details to any website that isn’t secure. Make sure your staff understand how to assess whether a site is secure or not. Teach them the difference between http and https and the importance of seeing the closed padlock icon in their browser when they’re visiting a particular site. The padlock shows that the connection is encrypted, not that the site’s owner is trustworthy, so it should be checked together with the domain name in the address bar.
- Use an online anti-spam solution – The best way to protect your company is to filter malicious emails out before they reach your mail system in the first place. Most desktop-installed AV software is just antivirus software, so it does not protect you against spam. Anti-malware software protects against other types of threat, such as trojan horses, worms and viruses, but may not be part of your installed AV solution. Consider combining anti-spam, anti-malware and online spam filtering into one package. Talk to us today about how we can help you with that.
- Keep up to date with updates and patches – Updates and patches are there to help you. Often, they’re developed specifically to close security loopholes that have been identified, so if you don’t update your software regularly, you’re potentially leaving yourself wide open to attack. Once you have installed the software you need to stay safe, it’s vital to make sure it’s updated whenever needed. You may need to look at a remote monitoring and management (RMM) solution to manage your updates. Talk to us about how this works.
Don’t hesitate to get in touch if you’d like to talk more about how we can help you improve your organisation’s security.