Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping information secure.
The purpose of a phishing attack is to collect sensitive information that gives the attacker access to protected data or networks. It often works by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks legitimate but is really designed to steal your private information.
3 steps to increase your chances of avoiding phishing scams:
- Always, always think twice before clicking. When something feels off, it probably is, so practice skepticism if you receive an email, link or file that looks “phishy.”
- Consider the source. Attackers can send emails that look like they’re from a colleague’s email address, and in some instances, can even take over their email account entirely. If your boss or colleague sends a strange request or doesn’t sound like themselves, ask them about it offline.
- Know your backups. Even if you’re vigilant, have defenses in place in case of a phishing attack. Take standard cybersecurity precautions, like enabling multi-factor authentication on all accounts that offer it, using a password manager to create strong passwords, and backing up your data.
According to Systems Engineer Tiffany Tucker, the No. 1 mistake that leaves companies vulnerable is not having the right tools in place and failing to train employees, who possess critical credentials, on their role in information security. She suggests training employees with mock phishing scenarios, deploying a spam filter to detect viruses, keeping all systems current with the latest security patches and updates, and installing an antivirus solution on all equipment.