Phishing on the Job.
Phishing at work isn’t as fun as it sounds. It’s a pretty common method in which somebody attempts to get personal information through a fraudulent link within an email. It’s one of the most prevalent cyber-security issues, mainly because it’s so easy to send out bulk mail and mask your identity as a sender with a known contact name. The message body is generally short and to the point, often with grammatical or spelling errors; more sophisticated attacks, however, seem professionally relevant and look somewhat authentic. Because these falsified emails are so easy to send, so frequent, and relatively successful, it is that much more important to spread awareness of phishing and prevent employees from engaging with the emails. Here are some best practices that, if followed, can easily prevent a phishing attack.
The best way to combat a simple phishing attempt will always be the ability to detect it. To do this, employees need relatively quick training on how to be skeptical of any suspicious email. Knowing where to look and what to look for is fairly simple when dealing with an unknown email. If you hover over the sender name, it will reveal the full address, which makes it quite easy to determine whether it’s an illegitimate piece of mail. Also, never click on links within emails. It’s a much safer rule to just open it up within a browser.
Always perform Updates
Most phishing attacks attempt to exploit software vulnerabilities. If applications aren’t updated with their most recent security patches, they are going to remain a potential threat. You can’t always rely on the employee to do the right thing, so keep your OS and programs up to date.
Use strong, unique, and rotating passwords
Changing your password is commonplace nowadays. Make sure that you have a unique, albeit memorable, password for most of your applications. It’s a good idea to periodically rotate variations of passwords as well.
Use 2FA
Enabling a Two-Factor Authentication process is one of the best ways to improve security overall. It practically eliminates the possibility of an intruder logging into a profile. Here is an in-depth look at 2FA and how important it is when high security is necessary: Two-Factor Authentication Protects your accounts from being hacked. Below is a link redirecting to a 2FA article. For some practice, you can right-click the link, hit "copy URL address", and paste it into Notepad instead of clicking directly on the link, so you can see where it goes. Make sure it has https:// in front of the address.
Click this link!
Have Anti-virus protection
There are plenty of choices for endpoint protection (antivirus) at the business level, yet many businesses still don’t have a good way to detect threats. They will use free versions of AV software and leave it up to that program, which most of the time doesn’t have real-time protection. It’s an obvious necessity to purchase AV software for your company, especially when it’s only about a $30-$50 per user per year investment.
Use Google Chrome
When it comes to security, the Google Chrome browser is generally the best option. It has notifications for suspicious websites and will attempt to prevent you from accessing them unless you manually bypass the warning. But even if you are using Chrome, you should always check the URL for accuracy.
Education and prevention are most important. Always err on the side of skepticism and notify your network of any potential phishing attack or intrusion. Even if you realize that you did something wrong, let it be known so nobody else does the same.
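The sender and link checks described above (revealing the full address behind a known contact name, and seeing where a link really goes and whether it uses https:// before opening it), as an added Python example that is not part of the original post. The sample message, the contact list and every name and domain in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Dana Reyes" <dana.reyes@examp1e-support.test>
Subject: Password expires today

<p>Reset it here: <a href="http://login.examp1e-support.test/reset">https://portal.example.test/reset</a></p>
"""

# Assumption: a list of known contacts and their real addresses is available.
KNOWN_CONTACTS = {"dana reyes": "dana.reyes@example.test"}

class LinkCollector(HTMLParser):  # collects (visible text, real href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw, known=KNOWN_CONTACTS):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])   # what "hovering" would reveal
    findings = [f"sender '{name}' is really {addr}, expected {real}"
                for contact, real in known.items()
                if contact in name.lower() and addr.lower() != real]
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        url = urlparse(href)
        if url.scheme != "https":
            findings.append(f"link is not https: {href}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != url.hostname:
            findings.append(f"text shows {shown} but link goes to {url.hostname}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

An https:// link or a matching sender address does not make a message legitimate by itself; an empty result only means these particular checks found nothing.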