5 Ways to Stay Protected from Advanced Phishing Threats

It's no surprise that phishing attempts affected over 64% of organizations in the past year, and that the number is rising simply because cyber-criminals are getting smarter while more and more people are falling victim to these threats because of the lack of awareness and training regarding these types of attacks. Everyone is encouraged to adapt safe online practices, both on their work devices as well as their personal devices, and these are 5 ways that can help you stay protected from advanced phishing threats that you could be exposed to on a day-to-day basis.

1. Scan all your employee devices using a mobile security software

If employees bring their own devices to work, then you need to ensure that each one of those devices is secure, lest they throw the security of the entire corporate network into jeopardy. Privately-owned devices could have malicious phishing apps and pirated software installed on them. It is important to note that employees working from home or other remote locations could send data to your head office via unsecured connections or Wi-Fi networks that the company isn’t aware of. To ensure that important data doesn’t leak through employee devices - you should install mobile security software on all “BYOD” devices.

2. Think Before You Click!

It’s okay to click on links when you’re on trusted websites. However, clicking on links that appear within random emails from unknown senders, text messages and DM's isn’t such a smart move. Hover over links that you're unsure of before clicking on them. Ask yourself, do they lead where they're supposed to? A phishing email may claim to be from a legitimate company or sender, and then when you click the link to the website, it may look exactly like the real website. The email may ask you to fill in the information, but it may not even address you by name. Most phishing emails will start with “Dear Customer” - and not a first name e.g. "Dear John", so you should be alert when you come across these generic looking emails. When in doubt, always go directly to the source rather than clicking on a potentially dangerous link.

3. Avoid shortened web links

Hackers post shortened phishing links on social media, which makes it extremely hard for users to differentiate legitimate links from the illegitimate ones. Link shortening services such as “Bitly” make all links look identical in the eyes of ordinary online users. Not unless you trust the source of a shortened link, therefore, try not to click on it as it could inadvertently lead you to a malicious or fake website. If you mistakenly enter your personal details in a fake website, phishing thieves will effortlessly steal that data and use it against you. If you must click on a shortened link, even for those coming from trusted sources, you should make a point of placing your mouse over the link to confirm that it is the same link hyperlinked beneath the text. Also, avoid clicking on any links directly from the email and instead copy and paste it to a different window/tab. That makes it much harder for an attacker to read your emails in case he succeeds in infesting your device with malware.

4. Always browse securely

Secure websites are indicated by a security lock icon that appears on the top left-hand side of your browser. Also, the link is preceded by https:// in the browser’s address bar. If these two features are missing, it is advisable to leave that website ASAP, and if it requires you to enter or submit sensitive data, please don’t. In the same vein, always avoid submitting sensitive information online using unsecured or public Wi-Fi. Your private information such as credit card details and healthcare information are extremely vulnerable, so make sure that you guard it wisely.

5. Training Your People

Newsflash: Your team members aren’t cybersecurity professionals. The HR, shipping, sales, accounting, and other departments are filled with people who may not know anything about data security. Therefore, you have to train these workers on how to handle phishing attempts if they happen. Ongoing security awareness and simulated phishing training is highly recommended for all users to keep security top of mind throughout your organization. Many people and companies lose data and sensitive information to hackers due to their negligence and poor data security practices, but these 5 tips above will help you defeat one phishing threat at a time. Remember, cyber-criminals are getting more creative by the day, and so it's vital that you educate yourself and your company on all the ways they can harm you. Even if you aren’t as tech-savvy as they are, you should do everything in your power to make their job as hard as possible. For more information on phishing training for your company, please contact your PACE Technical Business Advisor (Client Strategist). If you're not one of our clients, but you're interested in hearing more about defenses against phishing threats, then give us a call at 905-763-7896 or email [email protected] and we'd be happy to advise you.