
Did you know phishing attacks are still the most common approach for cybercriminals? Everyone’s at risk, including small businesses that may not have solid cybersecurity tools in place. As part of a layered security approach, here are four ways to protect against phishing attacks. Talk with your IT provider about how to implement them in your business.
How to Protect Against Phishing Attacks
Train Your Team To Be a Human Firewall
Cybercriminals are clever. They find their way around even the most sophisticated technology. So, each one of us is the last line of defense when it comes to avoiding cyberattacks. And since we’re human, “one and done” training isn’t enough.
Ongoing, simulated phishing tests can remind everyone how to avoid dangerous emails. Clicking on a test and receiving an “Oops, you clicked” message is a potent reminder to be careful.
Use short, online training modules tailored to address key risks to your organization. Maybe the idea of “tailgating,” or letting someone in the door who shouldn’t be there, doesn’t apply to your company because you’re small and everyone knows everyone. But reminders to avoid public Wi-Fi or how to protect mobile devices are absolutely relevant.
Don’t underestimate the value of training. Companies that use ongoing phishing testing and training are less likely to become a victim of phishing attacks.
Create More Secure Logins
Making the extra effort to keep your logins secure encourages cybercriminals to move on to an easier target. Consider implementing a password manager, multi-factor authentication, and Dark Web monitoring as deterrents.
Password managers help you generate, store and retrieve unique passwords for both local applications and online accounts in an encrypted database, or vault. The only password you need to remember is the one that unlocks the vault. Easy!
Multi-factor authentication (MFA) adds an additional secure layer, often a code sent to your smartphone, to your username and password at login. While it takes an extra step when you log in, the extra security is worth it.
Dark Web monitoring notifies you if your username and password are found on the Dark Web. Credentials on the Dark Web are usually for sale to the bad guys. When you know the risk, you can change those credentials and render them useless.
Keep Dangerous (but Convincing) Emails Out of Inboxes
Spam filters are effective, but they don’t catch everything. Robust anti-phishing tools like Microsoft Defender for Endpoint help keep dangerous, but very convincing, emails from ever reaching your Inbox. After all, what you don’t see, you can’t click.
Another option is using a phishing awareness coaching tool to help your team identify potentially dangerous emails. A tool like this flags every email with a banner based on risk (“Internal,” “Caution,” “Danger,” etc.), and the user can easily take action, such as marking it as spam and blocking all future emails from that sender’s address. Phishing coaching reduces the risk of a user carelessly interacting with a harmful email.
Ensure Reliable Backups to Help Avoid Paying a Ransom
Your staff is trained, credentials are secure, and you’ve added anti-phishing technology. You’ve greatly reduced the risk of falling victim to a phishing email that results in ransomware. Still, nothing is foolproof and unfortunately mistakes happen.
While some prominent companies have chosen to pay the ransom, best practice is to avoid paying whenever you can.
With solid backups in place, you can restore locked or corrupted data with minimum loss. Remember to back up both your network AND email. CRU’s backup-as-a-service includes an onsite backup that is replicated off-site for disaster recovery purposes. We can restore anything from a single file deleted by mistake to your entire network from scratch.
It’s a common misconception that Microsoft backs up M365 email. There are quality tools on the market to back up and restore email, contacts, calendars, OneDrive and SharePoint. Choose one that’s best for your team and compliance requirements.
Even with reliable backups, if data has been exfiltrated and the cybercriminals are threatening to expose it, you’ll need to factor that risk into your decision whether or not to pay.
Plan to Protect Against Phishing Attacks
In line with your priorities and budget, work toward addressing these four ways to protect against phishing attacks. You don’t need to implement everything at once. Every layer you add will improve your chances of avoiding a cyberattack.
If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.