Your new sales person receives an email that looks like it’s from a large company and states there is a purchase order attached. Even though it looks slightly “off” the promise of a sale is hard to resist, and they open the attachment.
Only it wasn’t really from a customer at all, it was from cyber criminals and that attachment just downloaded spyware into not only the host computer, but throughout your whole connected network.
Phishing emails are designed to trick the recipient into either downloading an attachment or clicking a link, and both come with harmful scripts that can contain viruses or other malware.
And once you’re infected, the costs rise each moment your computers are down and only a vigorous virus removal and recovery plan can restore your office productivity and detect whether sensitive company or client data was breached.
43% of data breaches come from phishing attacks.
According to a Verizon data breach investigation, those fake fishing emails are the main cause for company data breaches, being responsible for 43% of them. Millions of phishing attacks are sent out daily and 1 out of 14 are successful in getting the recipient to click a link or download a file with malicious code.
But with proper training and awareness, your employees can be a human shield against phishing attacks instead of enabling them.
At Connect2Geek we often help companies in Nampa and the Treasure Valley area teach employees how to avoid becoming victims of a phishing email. Employees that aren’t trained in cybersecurity are the #1 cause for data breaches at small and medium sized businesses, but it an easy thing to fix.
Cybersecurity Safety Tips for Employees
Knowing how to recognize suspicious phishing emails and doing some simple double checks before a click or download can go a long way towards keeping your system safe and avoiding the need for a virus removal.
Here are some of our Connect2Geek cybersecurity safety tips that any company can easily implement.
Check the Source Before You Click
Phishing emails often use a stolen logo from the company they’re pretending to be, but there are some signs that the sender isn’t who they say they are if you know where to look.
- Check the email source or header in your mail program to see the actual “from” email address.
- Hover over links, but don’t click them, to see the real URL of the page you’re being sent to.
The Usual Suspects: Impersonal Greetings, Misspellings, and Urgency
Some typical signs that should get your team’s “spidey senses” on alert that this could be a scam email are things like impersonal greetings, poor English and/or misspellings in the text, and urgent subject lines, like “Act now before your account is disabled!”. These are all indicators of malicious phishing emails.
Attachments are a Huge Red Flag
If you receive an email that isn’t from someone you know and with an attachment you are expecting to get, stop before opening it. Even an innocent looking MS Word document can have a dangerous script attached that executes when you open it. Never open attachments unless you’re 100% sure of the source, and even then, using a mail virus scanning program can help keep you safe.
Install Antivirus Software and Keep it Updated
Antivirus scanning software both at the server level and individual device level can help employees avoid accidentally downloading malware into your network. Connect2Geek offers virus removal and installation of antivirus software, we can also keep it monitored and regularly updated for you.
Save Examples and Show Employees What They Look Like
It’s great to recognize a dangerous phishing email and delete that thing right away, but you might want to save a few (without clicking on them!) so you can show employees what real phishing looks like. Then keep that as part of your onboarding and regular cybersecurity training to help your staff know what to look for and avoid.
Sign Up for Phishing and Cybersecurity Training for Your Team!
Do you have a business in Nampa, Boise, or the Treasure Valley area? We can help you with staff cybersecurity training to ensure your first line of defense against data breaches is a strong one.