You are here: Blog Josh Coppage Tip of the Week: Understanding Your Smartphone Battery’s Lifespan

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

How to Prepare Your Team to Fight Phishing

Voyage Technology Blog Security
0 Comments
How to Prepare Your Team to Fight Phishing

While last year saw a significant decrease in its number of data breaches, the number of records that were leaked doubled… and then some. Part of this can likely be attributed to a spike in the use of ransomware, indicating a resurgence in interest of the mean-spirited malware. This means that your business may very well see more ransomware infection attempts coming its way—the only question is, are your team members prepared for them?

To keep your business and its data sufficiently secured, it will be important to teach your team to effectively identify and avoid phishing. One effective way to do it: try and phish them yourself, via a phishing attack simulation.

How Does a Phishing Attack Work?

Let’s go through the basic process of a phishing attack, just as a quick review:

An attacker, posing as someone else, sends their victim a message making some promise or threat that somehow—either through fear or temptation—coerces their contact into reacting to it, usually by following a link or opening an attachment. This methodology allows such schemes to bypass many restrictions set by security protocols and solutions, as the vulnerability it takes advantage of is the human user.

Therefore, when it comes to defending against the phishing attempts that are virtually guaranteed to target your business at some point, your team members need to be prepared. Let’s discuss what you need to teach them, and how to best prepare them to make sure they’ll overcome any they encounter.

Phishing Lessons to Pass On

Remind Them How Hackers Think

It’s important that your users are cognizant of how clever hackers and scammers can be when it comes to their ruses, and how they often take advantage of current events and information. Many phishing attacks as of late have been themed around COVID-19, pertaining to updates, warnings, and offers of personal protective equipment.

Hackers will try to capitalize on user panic and knee-jerk reactions whenever they possibly can to keep these users from thinking before they act. Therefore, it makes sense to have users look more critically at their incoming messages to evaluate whether a message seems “phishy” or not.

Provide Signs of Problematic Links

A favorite tool of these hackers is that of the spoofed link—basically, a link to one website disguised as a link to another. Others will just use a URL that is different but looks passable enough to slip by unnoticed.

These domains can be tricky. Let’s look at a few red flags to keep an eye out for (in this case, the attacker using Amazon as a disguise):

If the email is from Amazon, a link should lead back to Amazon.com or accounts.amazon.com. If there is anything strange between “Amazon” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like amazon.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • amazon.com - Safe
  • amazon.com/activatecard - Safe
  • business.amazon.com - Safe
  • business.amazon.com/retail - Safe
  • amazon.com.activatecard.net - Suspicious! (notice the dot immediately after Amazon’s domain name)
  • amazon.com.activatecard.net/secure - Suspicious!
  • amazon.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

 Some of these things can be challenging to spot, so you and your users need to be extra careful about checking (and double-checking) links.

Give Safe Links to Use

Even better, you could provide your team members with the links they are expected to use when being directed to certain places by their clients, rather than using the links potentially given in an email. These trusted links can be a real lifesaver, particularly when it becomes apparent that an email was an attack that a trusted link has helped your team to avoid.

Enforce Password Practices and Processes

The security of your team’s collective password policies is important for you to address, as these passwords are often the keys to the castle that cybercriminals are phishing for. Therefore, you need to ensure that your team is not only using best practices but are also handling these passwords appropriately, using tools like two-factor authentication wherever applicable and being generally cautious.

Evaluating Their Preparedness

Finally, once you’ve taught them the signs and precautions, you need to make sure that you check their proficiency in following through. To do this, a phishing test is in order.

A phishing test is simply a phishing attack you run against your own business to help identify where your weaknesses are. By showing you which team members are susceptible to an attack, you can correct the vulnerability through training and other assistance.

What Makes a Successful Phishing Test?

To effectively run a phishing test, you should not inform your team that one is incoming—to do so would defeat the purpose of the evaluation. If you do, make sure you keep it vague and never specify when they should expect it—that way, you can avoid skewing your results.

However, you also need to keep basic ethics in mind. Being shady—like some companies have been concerning their phishing “evaluations” in the past (we’re looking at you, GoDaddy)—will not help your security. You want to communicate trust with your team, and hope it is reciprocated.

As for your other security needs, lean on Voyage Technology for assistance. Give us a call at 800.618.9844 to learn more.

Tweet
Tags:
Phishing Cybersecurity Best Practices
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Business Computing Data Productivity Business Software Innovation Hackers Cloud Network Security Hardware Internet IT Support Efficiency User Tips Malware Privacy Phishing Email Workplace Tips Computer Google IT Services Users Collaboration Hosted Solutions Quick Tips Ransomware Mobile Device Cybersecurity Small Business Microsoft Workplace Strategy Data Backup Communication Business Management Smartphones Android Saving Money Smartphone VoIP Mobile Devices communications Backup Data Recovery Managed Service Passwords Managed IT Services Social Media Microsoft Office Upgrade Browser Disaster Recovery Network Tech Term Internet of Things Remote Automation Artificial Intelligence Facebook Cloud Computing Covid-19 Miscellaneous Gadgets Remote Work Windows Server Managed Service Provider Information Outsourced IT Encryption Spam Productivity Employee/Employer Relationship Current Events Holiday Windows 10 Government Office Business Continuity Data Management Virtualization Blockchain AI Wi-Fi Training Business Technology Windows 10 Compliance Data Security Apps Two-factor Authentication Mobile Office Bandwidth App Employer-Employee Relationship Vendor Chrome Mobile Device Management Managed Services Voice over Internet Protocol Budget Gmail Apple Networking BDR BYOD Computing Applications Information Technology Hacker Access Control Avoiding Downtime Office 365 Tip of the week Conferencing How To WiFi Big Data Operating System HIPAA Router Risk Management Virtual Private Network Computers Health Help Desk Analytics Website Office Tips Marketing Augmented Reality Retail Storage Healthcare Password Bring Your Own Device Managed IT Services Windows 7 Social Going Green Patch Management Save Money Microsoft 365 Remote Monitoring End of Support Vulnerability Vendor Management Solutions Cybercrime Customer Service Display Printer Paperless Office Windows 11 Infrastructure 2FA Monitoring Excel IT Support Document Management Remote Workers Firewall Telephone Scam Data loss The Internet of Things Cooperation Free Resource Project Management Images 101 Robot Mobility Telephone System Multi-Factor Authentication Cost Management Settings Wireless Printing Content Filtering IT Management Customer Relationship Management YouTube Meetings VPN Employees Integration Cryptocurrency Modem Hacking User Tip Processor Presentation Computer Repair Mobile Security Virtual Desktop Holidays Data storage LiFi Wireless Technology Data Storage Smart Technology Supply Chain Outlook Video Conferencing Machine Learning Managed Services Provider Virtual Machines Professional Services Money Saving Time Humor Word Managed IT Service Maintenance Downloads Antivirus Sports iPhone Mouse Licensing Safety Administration Vulnerabilities Entertainment Data Privacy IT solutions Star Wars IT Assessment How To Microsoft Excel IT Maintenance Legal Data Analysis Business Growth Gamification Flexibility Notifications Staff Value Business Intelligence Application Legislation Shortcuts Organization Travel Social Networking Google Maps Smart Devices Cortana Ransmoware Techology Fileless Malware Digital Security Cameras Alt Codes Content Remote Working IBM Wearable Technology Memory Vendors Comparison Google Play Be Proactive Health IT Downtime Unified Threat Management Motherboard Data Breach Unified Threat Management Directions Videos Hosted Solution Assessment Electronic Health Records Permissions Workforce Typing Wasting Time Threats Trend Micro Network Congestion Specifications Security Cameras Workplace Strategies Google Drive User Error Microchip Internet Exlporer Software as a Service Competition Knowledge Physical Security Fraud Meta Username Managing Costs Amazon Point of Sale eCommerce 5G Black Friday SSID Google Docs Unified Communications Database Surveillance Experience Virtual Assistant Outsource IT Media Bitcoin Network Management Running Cable Tech Support IT Technicians Virtual Machine Environment User Cookies Monitors Cyber Monday Medical IT Google Wallet Proxy Server Reviews Tactics Development Hotspot Transportation Small Businesses Windows 8 IP Address Laptop Websites Mirgation Hypervisor Displays Nanotechnology Optimization PowerPoint Drones Shopping SharePoint Addiction Electronic Medical Records Language Employer/Employee Relationships Outsourcing Navigation Management PCI DSS Halloween Chatbots Recovery Screen Reader Hard Drives Writing Distributed Denial of Service Workplace Lenovo Gig Economy Service Level Agreement Internet Service Provider Domains Virtual Reality Computing Infrastructure Teamwork Hiring/Firing Evernote Paperless Hacks Server Management Regulations Compliance Scary Stories Private Cloud Identity Identity Theft Smart Tech Memes Refrigeration Fun Co-managed IT Superfish Bookmark Deep Learning Download Net Neutrality Public Speaking Twitter Alerts SQL Server Technology Care Business Communications Financial Data Lithium-ion battery Error History Education Connectivity IT Social Engineering Break Fix Scams Entrepreneur Browsers Smartwatch Upload Procurement Remote Computing Azure Hybrid Work Multi-Factor Security Tech Human Resources Mobile Computing Social Network Telework Cyber security Tablet IoT Communitications Undo Search Dark Web Cables CES Best Practice Trends Supply Chain Management Alert Dark Data Google Calendar Term Google Apps Managed IT Customer Resource management FinTech Buisness File Sharing Regulations

Blog Archive