Email phishing continues to be a threat despite the fact that more people than ever are aware of it. This is because cybercriminals have gotten creative with it, using sophisticated social engineering techniques to dupe people into giving up their personal information.
Despite the advances in phishing techniques, there remain reliable ways to keep them at bay. Doing so requires a proactive, diligent approach to every facet of IT security, especially with regard to your organization’s end users. Here are some ways you can fight off email phishing:
1. Install anti-phishing tools
Make sure all your company’s computers have firewalls and antivirus software. Also, check that your workers use popup blockers and anti-phishing toolbars in their browsers. Vet and prepare devices prior to allowing them to have company network access. Your IT provider should make sure all laptops have the necessary computing power to run your chosen security programs. These devices should also have antivirus and antimalware software installed, and have pre-configured browsers so that all popup blockers and anti-phishing tools are turned on.
Some companies may have bring your own device (BYOD) arrangements, wherein employees are permitted to use their personal devices to access company files and networks. These devices should also be configured according to company security standards, and they should meet minimum hardware and software requirements before they can be allowed for BYOD use.
2. Stay up to date
Having all the latest and greatest anti-phishing tools will not do your business any good if you neglect to update firmware and software as soon as updates become available. Many employees still view updates as an obstacle to their productivity, but the reality is that failing to update will likely hurt productivity more than installing updates right away.
Cyberthreats develop at a fast pace, and new threats are released every day, so it’s critical to always apply security updates as they arrive.
3. Think before you click
Be judicious with the information you send out. Cybercriminals are more daring these days, and they’ll seek to leverage what little information they can glean from you to learn more about you. For instance, they could spam your mobile phone number with legitimate-looking messages to try to trick you into accessing a phishing link. Or they could use your birthday to attempt to log in to your email account.
Any information that could be linked to you can be used against you. So before you hit send on any email, make sure that you are only sending it to recipients you mean to communicate with. Also, make sure that these emails contain only information that you are fully comfortable sharing with the recipient. Lastly, make sure your email signature only contains information that is okay for public consumption. Only use your professional contact details for email signatures.
4. Verify everything
Lastly, double-check everything. There are times when it’s difficult to tell which email senders and recipients are legitimate because cybercriminals work very hard to make their phishing sites look as real as possible. These con artists are even able to build websites that will stand up to a side-by-side eye test with a legitimate site. So it would do you well to verify that you are indeed communicating with a trusted source.
The best way to verify is to directly call your recipient or sender to counter-check and to ask about any known phishing attempts with their organization. Doing so can allay your fears of inadvertently sending your personal details to the wrong people. Furthermore, it also informs your recipient to anticipate the arrival of your email so it can be processed expeditiously.
Making sure your employees take all the necessary steps to prevent phishing is a good strategy, but it won’t be enough without ample IT support. Partner with a tried and tested cybersecurity provider like OutsourceIT. Contact us today to learn more.