Many cyberattacks start with an email. You receive a message from someone within your organization or an email address you recognize and don’t think twice about the request. According to AAG IT Services, 3.4 billion phishing emails were sent daily in 2023.
A phishing email typically leads to a website where you are prompted to enter personal or sensitive information like passwords, social security numbers, or company credentials. By responding to a phishing attempt, you could inadvertently give crooks access to your business networks, bank accounts, and more. Phishing emails will often try to evoke fear that your computer has a virus or that there is an urgent need to complete a request. This can cause employees to frantically click without confirming the email is legitimate.
Consider utilizing the following safeguards to protect your business from imposter emails:
1. Train Employees on Cybersecurity Basics. Creating policies and requiring new employees to complete cybersecurity training is an important first step in keeping your business safe. Partnering with a third-party security training company may be a valuable investment. Instruct employees to be wary of suspicious emails and ensure they know to hover over links and review the address before clicking. Your employees should also know to alert you or your IT department to any suspicious emails, and they should be apprised of best practices for company passwords. Keep cybersecurity at the top of their minds by frequently providing tips and reminders.
2. Invest in Email Authentication. Email authentication is a technical control that lets an organization set rules dictating which messages are accepted. Once implemented, a mail server will scan every email that comes through to determine if it is a risk. The server will then reject, flag, or deliver the email. Many times, all emails coming from an external domain will contain a caution message for the user even if they are delivered.
3. Keep Software Up to Date. Require employees to update software as soon as a new version becomes available or have your IT team schedule an update on all computers within the organization. Configuring systems to update automatically is likely your best solution if it does not interfere with your business processes.
4. Protect Remote Devices. Require employees to use secure connections, such as an encrypted router, whenever they connect to your company’s network, whether at home or in the office. Encryption ensures information cannot be decoded even if it is intercepted. Only allow employees to connect to public Wi-Fi on a company device when also using a virtual private network (VPN) to encrypt traffic between the computer and network. This is often referred to as a remote login or desktop.
5. Enable Multi-factor Authentication. Multi-factor authentication (MFA) requires an additional verification step after a user enters their password. The most common MFA method is a one-time code, generated when the account is being accessed, that is sent to a mobile device or email account. Other examples could be biometrics like a fingerprint or tracking the location of the user's IP address.
6. Create a System for Reporting Suspicious Emails. Train employees to alert your IT department of all suspicious emails received. The sender can then be blocked by the server so no one else will be fooled. You can also report emails that have been identified as a scam to the FBI's Internet Crime Complaint Center to warn others of the attempt.
7. Alert Staff of Confirmed Phishing Attempts. Let your staff know of any confirmed phishing emails that have come through your business. That way, they can let you know if they were impacted, or if they offered up any sensitive information. This can help you more accurately evaluate the potential impact on your business and determine key next steps.
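To make item 2 concrete, the following added example (not part of the original article) shows the reject, flag, or deliver decision a receiving mail server might make, plus the caution banner on external mail. It assumes the server records its SPF, DKIM and DMARC checks in an `Authentication-Results` header; the domains, the `mx.example.com` server id, the sample messages and the simple mapping from DMARC result to action are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organization's own domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: id our own mail server stamps
BANNER = "[CAUTION: external sender]"

def build(sender, subject, auth):
    """Construct a sample message (test data, not real mail)."""
    return (f"From: {sender}\nSubject: {subject}\n"
            f"Authentication-Results: {auth}\n\nPlease review.\n")

SAMPLES = {
    "spoofed_ceo": build("CEO <ceo@example.com>", "Urgent wire",
        "mx.example.com; spf=fail smtp.mailfrom=mailer.invalid; dmarc=fail header.from=example.com"),
    "vendor": build("billing@vendor.test", "Invoice",
        "mx.example.com; spf=pass smtp.mailfrom=vendor.test; dkim=pass header.d=vendor.test; dmarc=pass header.from=vendor.test"),
    "no_policy": build("news@shop.test", "Sale",
        "mx.example.com; spf=pass smtp.mailfrom=shop.test; dmarc=none header.from=shop.test"),
    "untrusted_header": build("it@example.com", "Password reset",
        "mx.other.invalid; dmarc=pass header.from=example.com"),
}

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, only from headers our own server added."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";")[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header the sender supplied proves nothing
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            found[method.lower()] = result.lower()
    return found

def disposition(raw):
    """Return (action, subject shown to the user) for one raw message."""
    msg = message_from_string(raw)
    dmarc = auth_results(msg).get("dmarc")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if dmarc == "fail":
        return "reject", msg.get("Subject", "")
    action = "deliver" if dmarc == "pass" else "flag"
    subject = msg.get("Subject", "")
    if domain not in INTERNAL_DOMAINS:
        subject = f"{BANNER} {subject}"  # banner even on delivered external mail
    return action, subject
```

The message that claims to come from inside the organization but fails authentication is rejected, while legitimate external mail is delivered with the caution banner.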
The best way to help prevent your employees from falling for an email scam is to keep them informed and aware. Working together to spot fake emails can protect all of you. For more information and tips on keeping your business secure, visit BankFive’s Security Center.