Three Techniques and Practices that Will Help You Avoid Phishing

 

We want our spam and junk folders to protect us from hackers and their attempts to steal our personal information when we check our emails. With emails about job applications, sales, remote work, etc. on the rise, now is the ideal time for hackers to target you with the slightest act of human error.

Here are some quick facts:

Clearedin.com states,

• A phishing attack affected 83% of organizations last year.
• 97% of individuals cannot recognize phishing scams.
• According to an analysis of more than 55 million emails, one out of every 99 emails is a phishing attack.

What tools does Infiniwiz use to reduce the risk of phishing bait?

• Cybersecurity Awareness and Training 

Infima has a cybersecurity training tool that sends employees simulated phishing emails to see who opens them. The tool will send a report to business owners at the end of the month informing them of which users aren't paying attention to bad emails. This will force a discussion to ensure that they are aware of security and what to look out for when clicking on emails. Although these are simulated emails, if a real one arrives and a user makes the same mistake, attackers can gain access to a company's private information.

Additionally, as part of the training, every three months, employees take an online course and watch videos to learn more about security tactics. These videos teach employees how to identify phishing emails, what to look out for, and what to do if they encounter them while using company computers. Management will be notified on a monthly basis of any employees who fail to watch the offered video content.

Google also has a training quiz to test your awareness of phishing tactics. Take the quiz here:

• Two-Factor Authentication

2-Factor Authentication is now working alongside with passwords in securing private information when logging into specific sites. 2FA is a security method that requires a second form of identification in addition to a password of identification to access a specific software, bank account, or website. If your password is compromised, you log in from a different device, or your password is redundant and a hacker easily figured out the pattern, 2FA will send an alert to the user to enter the code to log in. If the hacker does not have the code because it was sent to your cell phone or email, the hacker will be unable to access any of your accounts.

Read more about 2FA in our previous blog.

• Proofpoint Phishing Alarm

Proofpoint software includes a package that allows users to report phishing, reducing the severity of the impact if an active attack occurs, which will block the sender. This allows Proofpoint to not only document that certain emails are fraudulent, but also ensures that you will never have to deal with that specific sender again. The phishing alarm also alerts Proofpoint to the various methods hackers use to send emails. Proofpoint also has AI learning to give users protection against outside threats. For example, a user can identify webpages that are used within phishing campaigns.

Extra tip:

This is a reminder to be vigilant about legitimacy of emails you receive. Even if you are one of our fully managed IT clients, and we have security measures in place for your organization, some phishing emails still do get through.

It is easy to fake sender's email address, so instead of checking address in ‘From’ field, look to see whether links inside the email use a domain that correlates to the sender's organization. Domain name is a word with a 2-3 letter extension after it. For example: Verizon.com, Facebook.com, or About.us. Please be particularly careful when you get an email asking to enter or reset credentials.

The Infiniwiz technical team in the Chicagoland area takes a proactive approach to your cybersecurity. We set up the right IT protocols and help you put in place the employee procedures that will keep your data and network safe from online hackers. However, make sure to do your part in staying alert.