How to Reduce Your Risk of a Phishing Attack

While Internet security and personal responsibility in protecting private information has advanced over recent years, it doesn’t mean Internet and cyber attacks have all but disappeared. There are still victims of phishing attacks on a daily bases. These commonly occur as a result of an email containing a link leading to a site for people to enter information — information that ultimately lets hackers steal their information.

Here’s how it works. Generally, there is an email claiming the respondent should sign up for a promotion, has won something, or has a problem with their account. The email directs them to click on a link, which then asks for their personal or company information, like their name, address, phone number, bank information, and/or credit card number. Phishing can also occur through websites without ever clicking a link in email. Here are multiple ways to protect your business and employees from a phishing attack.

  • Invest in security software. Make sure your personal computer and all company computers have updated security software. This includes anti-virus software that has been updated recently, anti-spam software, and anti-spyware software. Together, they provide optimal protection from hackers and spamming, viruses that can infect your computer and steal your information. They also help to protect you from spyware programs that scan your computer for financial data they can steal.
  • Be protected with a firewall.  You should always have your firewall enabled, which protects your computer and the network itself. Whether your business is home based and you only need to protect your own desktop, or you run a business with 30 computers all on the network, firewalls should be set up. Microsoft has a built-in firewall for software protection of individual computers, but if you don’t have a Windows computer, you will need to ensure your computer has a firewall. A firewall for your network is also essential, as it prevents hackers from getting into your browser or computer.
  • Never click links in emails. One of the easiest ways to prevent becoming a victim of a phishing attack is by not clicking any links in emails. This is one of the most common ways a hacker gets to you, so be sure you never click a link that you don’t trust completely. Even opening emails that seem suspicious can put you and your employees at risk. If you run a company, inform employees that they should only open emails and click links they trust. Hyperlinks in emails often go to fake websites that look just like the site intended, but aren’t the legitimate website. If the email claims they are your bank, don’t click the link, but open a new tab and go straight to the bank website that way. Better yet, call your bank and make them aware of the email. The FBI provides information on reporting phishing attempts as does the United States Computer Emergency Readiness Team.
  • Verify the SSL. When on a bank or other sensitive website, always verify the SSL, which is the security feature of websites. This will appear as an “s” after “http” such as “https.” This tells you they have an updated security certificate located on the site, showing it is a safe and private place to enter personal and business information, like entering your pin for your online banking account.
  • Don’t enter info in pop-ups. Finally, be sure you never enter private or sensitive information in a pop-up window. If you aren’t sure, look for their customer service number and call with information instead of entering anything online.

Just to be sure nobody is stealing money from your accounts or using your information illegally, check your bank statements closely and get a credit report at least once a year to go over the accounts listed. In addition, be sure your business is protected from phishing attacks by investing in cyber liability insurance.