TECHNOLOGY
KEEPING BUSINESSES SAFE FROM PHISHING ATTACKS
By Robert Hessel

Since the majority of businesses are managed through online services and features, it’s impossible for your company’s employees to never see a single phishing email. Your job as the leader is to ensure that your management and other employees know how to both recognize and respond to these targeted attempts to steal information, and in some cases, money.

Your first step should be to host regular training sessions. Sites such as knowbe4.com can be useful in this endeavor. Regardless of what platform or method you use to deliver education, provide detailed information or keep employees up to date, you must educate them on the different “tells” of a phishing email (or other type of contact). You can also develop monthly test emails meant to replicate the types of phishing attacks that you have seen and that your employees are likely to see. Start with the information here, and add to it depending on what type of business you run.

Reputable companies will not request login credentials directly through emails; whenever an account is compromised, there will usually be a notification email that asks you to follow a link to reset your password. Some phishers will create replica websites that trick users into entering their username and password or billing information. Look very closely at the web address within the email. You can hover over links or right-click to copy the link address, then inspect it in Notepad.

Since attachments can hold any number of malicious lines of code, it’s extremely important to only open attachments with extensions you are familiar with. There should be little reason to suspect anything negative from a .txt file, whereas .exe files should be handled much more carefully, if at all. When in doubt, train your employees to make inquiries to the IT department for clarification.

Is there a strangely worded email from someone claiming to be your financial advisor? Perhaps invoices are being sent from a strange email address, asking for payments in odd ways. Generally speaking, if there is the slightest uncertainty, the identity of the sender should be confirmed to avoid a malicious attack.

Another effective way to combat phishing emails is to block all external emails on your internal servers. If your IT department is able, setting up spam blockers is also a good way to avoid phishing. Applications at spamtitan.com or mimecast.com would be good considerations for this task.

You could also build a sort of internal stamp for all of your employees to automatically add to the end of all of their emails. Think of ways to differentiate your legitimate, internal emails from potential spoofs. What mark can your team apply that malicious third parties would never have access to? In addition to these measures, ensure that each team member’s malware and virus protections stay up to date.

Your plate is already extremely full; however, your consideration and attention to this issue will pay off in the long run, even if you delegate the logistics out to your IT department. A bit of training and prevention will go a long way to protect your business from the effects of a successful phishing attack, especially when the implications can be as serious as a CryptoLocker infection. Protect your livelihood with prevention measures and education. Don’t become one of the statistics.

EDITOR’S NOTE: Robert Hessel at Source 1 Solutions can be contacted at (727) 538-4114 or by visiting source1solutions.com.

108 TAMPA BAY MAGAZINE | NOVEMBER/DECEMBER 2020
ADVERTORIAL