Best Practices to Avoid Being Caught by Phishing

Posted on December 30, 2020 by RLO Training in Training

 

  In our last blog post, we talked about the dangers of phishing, and the types of scams cyber criminals like to use.  These criminals are constantly finding new ways to compromise businesses.  We hope you implement these best practices, which will help protect your business operations and employees from cyber crime. 

 

Best Practices While at Work

 

  The first line of defense is your people.  All of your employees, from techs, to service advisors, to managers, to office staff, should be aware of the basics in answering email and text messages, particularly if it concerns money requests.

  Be careful when reading or responding to emails or texts from unknown senders.  Do not click on attachments or links.

  Confirm any unusual money requests for checks or wire transfers by calling your usual contact at that company.  You always want to verify that these requests are legitimate.

  You should regularly review how your account information is updated, or how your payments are approved, both for employees and for vendors.  If you receive a request to change your account information, reach out to that vendor or company through a different channel than the original inquiry.

  All of your personnel should go through compliance training and security awareness updates — if your staff is educated about the latest criminal techniques, it will mean that they are less likely to fall victim to it, and more likely to detect suspicious activity and respond correctly.

  For employees who are most likely to be targeted, such as general managers, payroll staff, human resources, etc., you can offer more in-depth training.  Likewise, you should be providing ongoing security training or certifications to all IT personnel. 

  In fact, if you do not have a designated employee whose job it is to handle IT, you may want to consider hiring an outside IT services provider for additional help.  If it falls to one of your other employees to also handle IT part time, they are less likely to properly monitor the security of your IT infrastructure.

  Make sure you are regularly testing your security systems and processes and updating them where necessary.  We recommend conducting a risk assessment to identify potential internal and external problems. 

  You absolutely must back up all your information and databases regularly.  In addition, make sure that all the software you use has the latest updates and patches, and that your basic operating systems are supported with security updates (upgrade these to newer software if they are too old to have new security updates).

  Keep in mind that any additional devices connected to your network also have to be kept secure and updated, such as your employees’ devices.  

  Regularly update and reevaluate your third-party vendor lists, and any access they may have to your networks.  Ask to review each vendor’s own security and backup processes.

  An email filtering software is very helpful in identifying spam and fraudulent emails.  The filtering software will analyze incoming messages and search for suspicious header and domain information.  For example, an email that supposedly comes from a company executive, but is actually coming from an external account, is an immediate tipoff that you should be verifying this email by calling that executive.

  You might even consider asking criminals’ key targets, — such as payroll, HR, or other financial staff — to limit the amount of personal information they share online, related to your business, including their roles or contact information.  Those types of personal information can be used to prey on employees and gain their trust. 

  Make sure to have a formal process and written plan on how to respond to a data breach.  Include a list of specific people needed as a response team, such as IT, legal, and communications experts.

  Educate your employees about how to keep their personal phones safe, including basic security protocols like password management, automatic software updates, and multi-factor authentication.

 

Tips and Tricks When Working Remotely

 

  Here are a few specific tips for employees working either from home or on their personal devices:

  • Every employee should be aware of your company’s privacy policies, and make it a priority to protect their customer information.
  • Try to avoid printing confidential customer files at home.  If you do have to do so, make sure to keep the paperwork private from family and friends, and dispose of it securely after you are finished with the printouts.
  • Do not allow anyone else, such as family, friends, or customers, to use a work-issued device for any reason, and turn off the device when not in use.
  • When working from home or anywhere that is not your desk, utilize cyber security best practices, such as avoiding public WIFI and charging stations, not transmitting sensitive information over personal devices, and making sure computer and phone screens are not visible to anyone else, including through a nearby window.
  • Regularly back up information on company servers.

  Finally, offer a refresher course on cyber security to all of your employees at least once each year, with information on new and emerging threats and best practices.  Cyber criminals are constantly coming up with new approaches, so there is always something new for your employees to learn, and group training like that can help foster a culture of security across your company.  Likewise, even the most intensive security process won’t work without continual updates.  The safest business is one that’s aware of what’s new.

 

  We hope you have a safe and prosperous 2021!  If you need more help with your business planning, call us at 800-755-0988.  Ask us about enrolling in Guerrilla Shop Management, which begins January 7th.

Written by RLO Training