How to Prevent Phishing Attacks As A Business IT Leader | CDL

How to Prevent Phishing: What Business IT Leaders Need to Know

With working from home now a deeply entrenched part of our 9-to-5 lives, we’ve had to become accustomed to a new set of challenges – from ensuring we stay productive to making our work/life balance more distinct. One area that we may have ended up neglecting, however, is our approach to cybersecurity.

At the beginning of the coronavirus pandemic, and the resulting shift to working from home, many businesses may not have taken the time to educate their employees on proper security protocol. Amidst the confusion and disarray, we’ve seen a large surge in the number of phishing attacks, with scammers taking advantage of weak links in a business’ security provision.

And, it’s perhaps easy to see why: employees across the globe have moved from the trusted, secure networks of their office to remote locations. As these networks broaden across locations, it makes them more difficult to secure, giving cybercriminals the opportunity to exploit vulnerabilities.

So, while we socially distance ourselves from each other, it’s crucial that we shield our work networks from scams, cyber attacks and phishing too. Here, we’ll offer IT leaders – and employees themselves – some practical advice for safeguarding their operations during these challenging times.

 


 

What is a phishing scam?

Although IT leaders will be well versed in what constitutes a phishing scam, it’s important that everyone stays educated on this matter. Employees may have heard the term before but may not necessarily know what phishing entails. As a leader, it’s a good idea to explain the term to the rest of the company, so they know what it is they’re supposed to be vigilant about.

As for a basic definition, let them know that phishing is a type of cybercrime whereby an individual is contacted by someone pretending to be an institution, organisation or individual to get confidential information about them. Such information includes passwords, banking details and personal data, which is then used to access the accounts of the target – often leading to significant financial losses. When targeting businesses, such attacks can also lead to the loss of sensitive company information.

Traditionally, phishing scams happened over email. However, the means by which cybercriminals carry out their attacks have developed. Lately, there has been a rise in the number of phishing scams carried out via text message (smishing) and phone calls (vishing), so make sure your colleagues don’t fall foul of these either.

 


 

How can you prevent phishing attacks while working from home?

Know the telltale signs of a phishing email

Make sure your staff are kept abreast of what a phishing email looks like. Often, there are several giveaways that instantly expose a phishing email for what it is, including:

 


 

Be mindful of the texts you receive

If your work-related texting has increased as a result of working from home, then watch out for the SMS-based scams that attackers are using to take advantage of this. Clicking the links contained within these messages leads to malware being installed on employees’ phones, leaving the stored information ripe for the picking.

To protect against this, encrypted messaging apps that provide end-to-end encryption can be used for work-related communication instead. Additionally, setting up specific protocols for work-related texting can help here too – not texting passwords or other sensitive information, and never sending files via text, for instance.

Keep your VPN turned on

Short for virtual private network, a VPN protects the data you send and receive whilst working remotely, providing a secure link between employees and businesses by encrypting data. It’s important, therefore, that you always keep your VPN turned on. It stops cybercriminals from seeing what you do during your core business hours, which more often than not includes sending or receiving financial information, strategy documents and customer data. A VPN ensures that such information is properly protected.

 


 

Use a password manager

It’s best practice to have a password manager in place anyway, but perhaps more so when working from home. A password manager keeps all your accounts safe by storing difficult-to-guess passwords for you. This ensures that employees don’t keep using the same passwords for multiple accounts. Additionally, many password managers allow administrators to set policies which require passwords to be of a certain complexity and length, and to be updated after a certain amount of time.

 

What is delayed phishing?

An emerging threat that users should be aware of, delayed phishing involves luring the target to a fake site using a technique known as Post-Delivery Weaponised URL. This method replaces online content with a malicious version after the delivery of an email linking to it. As a result, it fools the scanning algorithms, which find the URL in the text, scan the linked site, ostensibly see nothing dangerous there, and allow the message through.

After the delivery – and typically before it’s been read – the attackers change the message links or activate malicious content on a previously harmless page. The new content could be a malware attack, but usually it’s a phishing site.

 


 

This means we have to be especially vigilant about content that may look innocent enough. As well as the tips we mentioned above, rescanning the inbox is usually the best method. If your business uses a Microsoft Exchange email server then this is doable. Kaspersky Security for Microsoft Exchange Server supports mail server integration, allowing for the rescanning of messages already in mailboxes. When properly configured, the scan time ensures detection of delayed phishing attempts without putting undue stress on the server during peak mail times.
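The rescanning idea described above, as an added example (not code from this article or from any Kaspersky product): links are scanned once at delivery, a baseline is stored, and a later rescan of delivered mail flags any link whose verdict or content has changed. The function names, the `MARKERS` check standing in for a real scanning engine, and the sample messages and URLs are all assumptions constructed for illustration.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://[^\s<>\"')]+")
# Toy stand-in for a real scanning engine (assumption, constructed for this example).
MARKERS = ('type="password"', "verify your account")

def verdict(page):
    text = page.lower()
    return "malicious" if any(m in text for m in MARKERS) else "clean"

def fingerprint(page):
    return hashlib.sha256(page.encode("utf-8")).hexdigest()

def scan_at_delivery(msg, fetch):
    """Scan each linked page once and keep a baseline for later comparison."""
    for url in URL_RE.findall(msg["body"]):
        page = fetch(url)
        msg["baseline"][url] = (fingerprint(page), verdict(page))
    return all(v == "clean" for _, v in msg["baseline"].values())

def rescan_mailbox(mailbox, fetch):
    """Re-fetch links in already-delivered mail and report what changed."""
    findings = []
    for msg in mailbox:
        for url, (old_fp, old_verdict) in msg["baseline"].items():
            page = fetch(url)
            if verdict(page) == "malicious" and old_verdict == "clean":
                findings.append((msg["id"], url, "weaponised-after-delivery"))
            elif fingerprint(page) != old_fp:
                findings.append((msg["id"], url, "content-changed"))
    return findings

def demo():
    # Constructed sample data: "web" maps URL -> page content served right now.
    web = {"https://docs.example/report": "<h1>Q3 report</h1>",
           "https://news.example/item": "<p>Newsletter</p>"}
    mailbox = [
        {"id": "m1", "body": "See https://docs.example/report", "baseline": {}},
        {"id": "m2", "body": "Read https://news.example/item today", "baseline": {}},
    ]
    passed = [scan_at_delivery(m, web.__getitem__) for m in mailbox]
    # After delivery, the page behind m1's link is swapped for a credential form.
    web["https://docs.example/report"] = '<form><input type="password"></form>'
    return passed, rescan_mailbox(mailbox, web.__getitem__)

if __name__ == "__main__":
    print(demo())
```

Both messages pass the delivery-time scan; only the rescan catches the swapped page, which is why a one-off scan at delivery is not enough against this technique.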

CDL is one of the UK’s leading IT disposal companies, working to help private and public businesses and organisations safely retire and recycle their outdated IT assets. To find out how we could help your business, or more of the latest tech news and advice, visit our homepage or call our team today on 0333 060 2846.
