Identifying well-made phishing scams can be tricky. Most often, they look real and the content included tends to be relevant to us, i.e., messages related to our hobbies, subscriptions, newsletters, etc. They target individuals, companies, and even governmental institutions.
The good news is that I’m here to guide you through the steps to keep your company and individual accounts in tip-top cybersecurity shape. We’ll start with a phishing quiz and later I’ll introduce some security tips.
By the end, you’ll learn enough information about avoiding phishing attacks to secure your accounts and prevent these malicious scams in the future. It’s never too late to start, so what are you waiting for?
How to avoid phishing attacks
For effective cybersecurity results, we must take a multi-layered approach. We must secure all assets, including personal information, with appropriate protection layers. In this way, we can lessen the chances of being attacked on our personal and/or business accounts.
For personal safety:
Use strong & unique passwords for each account
I can’t emphasize this enough. Even if just two of your accounts use the same password, the security of all your personal information is put at risk. If you can’t come up with a strong password that’s at least 14-16 characters long and includes symbols, letters, and numbers, use a password generator.
Also, using a password that was leaked in a data breach increases your chances of getting hacked. If you aren’t sure whether or not you’re using a breached password, I suggest checking it with Surfshark Alert.
All you need to do is type in your email (or emails) in the space provided to find out what information (if any) is leaked. Once the data loads, you’ll know whether or not you should change your password(s)!
Get a reliable password manager
If you have a memory like mine, it’ll get challenging to remember all your unique passwords. In that case, I suggest saving them in a password manager like Keeper or Dashlane. If you’re looking for a free yet secure alternative, try out Myki, LogMeOnce, or Bitwarden.
Activate 2FA, always
2FA (two-factor authentication) is a technology that adds an extra layer of security on top of your unique and strong passwords.
There are two types of 2FA – the first is receiving a code sent via text message straight to your phone. The second option is downloading a third-party authentication app that generates unique login codes for you.
While both options are great, I suggest sticking to the second one, where the app itself generates a code for you rather than sending it by SMS. Why is it better? Because if a hacker does go the extra mile to hack your phone, they’ll be able to see every 2FA code you get through SMS.
For company safety:
Each time a business falls victim to a phishing attack, recovering from it can cost billions of dollars. According to PurpleSec, the #1 threat that will continue attacking businesses is ransomware (a type of malware). In 2020, they estimated that companies spent up to $20 billion recovering from these cyber attacks.
Employees are at the forefront of scams. Hackers know this very well and take advantage of it by targeting them first. GreatHorn, a risk management platform, suggests that taking a phishing quiz or phishing IQ test can help train employees.
They also advise taking additional steps to properly prepare employees, including the ones below.
- Raise awareness through phishing training sessions. Most people are aware of what phishing is but don’t know what to be vigilant about. To increase the security of your business, it’s important for employees to learn how to spot and avoid various phishing attempts.
These types of training should cover all the basics of phishing, including:
  - Types of phishing
  - How phishing happens
  - Risks on a personal and corporate level
  - Variety of methods used to phish
  - How threat actors find and use stolen info
- Test employees with phishing simulation
The key here is learning through experience. After the initial step of receiving useful information and learning what to look for in fake emails, employees should be ready for the next step.
- Share a fake phishing attempt. Of course, take care not to pose any risks to your business’s security. By doing this simulation, you’ll get insight as to how well employees respond to “real” phishing and where their skills need to be improved.
It’s never too late until you’ve bitten the bait
Threat actors and their phishing attacks will continue to improve with technology. Cybersecurity company PurpleSec predicts that malware threats will continue to rise in 2021 with the “goal of infecting specific industries: Education, Mining, Transportation, and Energy, to name a few.”
No matter the industry, every individual and business must be aware of phishing. Being properly educated can help avoid great loss of assets, time, and money. Take our phishing quiz above to test your skills out or read more about it in our blog.