Four Ways to Protect Against Phishing Attacks

Phishing attacks are the most common way cybercriminals gain sensitive information and distribute malicious programs like ransomware.

Everyone’s at risk, including small businesses that may not have solid cybersecurity tools in place. As part of a layered security approach, here are four ways to protect against phishing attacks. Talk with your IT provider about how to implement them in your business.

Train Your Team To Be a Human Firewall

Cybercriminals are clever. They find their way around even the most sophisticated technology. So, each one of us is the last line of defense when it comes to avoiding cyberattacks. And since we’re human, “one and done” training isn’t enough.

Ongoing, simulated phishing tests can remind everyone how to avoid dangerous emails. Clicking on a test and receiving an “Oops, you clicked” message is a potent reminder to be careful.

Use short, online training modules tailored to address key risks to your organization. Maybe the idea of “tailgating,” or letting someone in the door who shouldn’t be there, doesn’t apply to your company because you’re small and everyone knows everyone. But reminders to avoid public Wi-Fi or how to protect mobile devices are absolutely relevant.

Don’t underestimate the value of training. Companies that use ongoing phishing testing and training are less likely to become a victim of phishing attacks.

Create More Secure Logins

Making the extra effort to keep your logins secure encourages cybercriminals to move on to an easier target. Consider implementing a password manager, multi-factor authentication, and Dark Web monitoring as deterrents.

Password managers help you generate, store and retrieve unique passwords for both local applications and online accounts in an encrypted database, or vault. The only password you need to remember is the one that unlocks the vault. Easy!

Multi-factor authentication (MFA) adds an extra layer of security at login, often a code sent to your smartphone, on top of your username and password. MFA has been required for years by many organizations, and even Google will soon make it mandatory. The Colonial Pipeline hackers exploited the lack of 2FA on the company’s VPN, which made it easier for them to get in. Don’t underestimate the value of MFA.

Dark Web monitoring notifies you if your username and password are found on the Dark Web. Credentials on the Dark Web are usually for sale to the bad guys. When you know the risk, you can change those credentials and render them useless.

Keep Dangerous (but Convincing) Emails Out of Inboxes

Spam filters are effective, but they don’t catch everything. Robust anti-phishing tools like Microsoft Defender for Endpoint help keep dangerous, but very convincing, emails from ever reaching your Inbox.

After all, what you don’t see, you can’t click.

Avoid Paying a Ransom

Your staff is trained, credentials are secure, and you’ve added anti-phishing technology. You’ve greatly reduced the risk of falling victim to a phishing email that results in ransomware. Still, nothing is foolproof and unfortunate mistakes happen.

While some prominent companies have chosen to pay the ransom, best practice is to avoid paying whenever you can. With solid backups in place, you can restore your data with minimum loss. This gives you a choice about paying the ransom.

Backups are required for both your network and email. CRU’s backup-as-a-service includes an onsite backup that is replicated off-site for disaster recovery purposes. We can retrieve anything from a single file deleted by mistake to restoring your entire network from scratch.

It’s a common misconception that Microsoft backs up M365 email. Typically, Microsoft has a retention policy of 30 days; beyond that, your emails cannot be restored. There are quality tools on the market to back up email, contacts, calendars, OneDrive and SharePoint. Choose one that’s best for you.

Plan to Protect Against Phishing Attacks

In line with your priorities and budget, work toward addressing these four ways to protect against phishing attacks. You don’t need to implement everything at once. Every layer you add will improve your chances of avoiding a cyberattack.

If you’d like to know more about how CRU Solutions can help keep your business safer, contact us.