Phishing scams are plaguing the digital world, and it’s showing no signs of stopping.
It’s regarded as the most common form of cybercrime, with the British government estimating that UK businesses have experienced approximately 7.78 million cybercrimes in the last year.
It’s not just the global bigwigs who are susceptible to phishing scams. It can happen to any organisation no matter the size – which is why it’s important to know how to keep your business safe from phishing scams.
Ash Farr, Impact’s Client Security Lead. has provided essential cybersecurity insights to our clients for nine years. He’s compiled his list of critical steps to take to keep your business safe.
1. Staff Training and Phishing Awareness
Most phishing attacks begin with staff opening the virtual door to an attacker with scams ranging from deceitful links to downloading files or divulging information.
But threats change, so keep up with them – even the Impact team needs a refresher sometimes.
Running regular tasks like simulated phishing tests helps users refresh their skills and helps identify members of staff who are most at risk and need extra training or support to keep your business safe.
2. Adopt a Security Focussed Culture
Like the opening point, it’s important to prioritise cyber security and make awareness standard in your business.
Implement cyber security skills and culture in staff reviews, reward those who take it seriously, and provide guidance or extra training to others.
Talk to your staff about it as often as possible in team meetings and highlight real-life situations where the consequences were disastrous.
For new staff, make phishing scam training part of the induction process so they can get up to speed with the standards you’ve set in the business.
3. Reporting & Incident Response
Even with enhanced security in place, your business is still vulnerable to phishing attacks. We get it, everyone makes mistakes from time to time, but phishing attacks must be reported immediately.
Do you have an incident response plan? Is there anyone in the company staff can report incidents to? If not, speak to one of the experts at Impact, we have a template in place to help you manage an incident promptly.
4. Invest in the right tools and technology to reduce phishing scams
Even with email filtering, you won’t stop all the pesky scams and malicious emails. However, choosing the right tools will help to significantly reduce them.
The best technologies, like our Thrive solution, evolve just as quickly as the threats do, if not quicker! New features are reviewed and implemented by our talented experts frequently.
5. Keep Software & Systems Updated
Like everything else on this list, software updates are important for your business.
Make sure you are regularly checking for updates and patching software like email clients, web browsers, and operating systems to protect against any vulnerabilities that phishing attacks can exploit.
Further tips to keep you safe from phishing:
- Check your IT team has correctly set up email configurations like Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC).
- Ensure that multi-factor authentication (MFA) is enabled on all your email accounts.
- Ensure you have attachment and link scanning.
- Check you have the most dangerous file types blocked (.zip .bat .ps1).
We understand there’s a lot of complexity with getting your security set up correctly. Get in touch with Impact to see how we can ease your mind and protect your business from phishing scams.