Phishing scams: Tips to protect your business

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping information secure.

The purpose of a phishing attack is to collect sensitive information to gain access to protected data or networks, often by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks legitimate but is really designed to steal your private information.

Three steps to increase your chances of avoiding phishing scams:

1. Always, always think twice before clicking. When something feels off, it probably is, so practice skepticism if you receive an email, link or file that looks "phishy."
2. Consider the source. Attackers can send emails that look like they're from a colleague's email address, and in some instances, can even take over their email account entirely. If your boss or colleague sends a strange request or doesn't sound like themselves, ask them about it offline.
3. Know your backups. Even if you're vigilant, be prepared defensively in case of a phishing attack. Take standard cybersecurity precautions, like enabling multi-factor authentication on all accounts that offer it, using a password manager to create strong passwords, and backing up your data.

According to Systems Engineer Tiffany Tucker, the No. 1 mistake companies make that leaves them vulnerable is not having the right tools in place and failing to train employees - who possess critical credentials — on their role in information security. She suggests: training employees with mock phishing scenarios; deploying a SPAM filter to detect viruses; keeping all systems current with the latest security patches and updates; and installing an antivirus solution on all equipment.

To learn more, visit AntiPhishing.org and phishing research and defense company PhishMe for resources on phishing scams and ways to protect your business.