Going Phishing…

Who hasn’t heard the term “phishing”? In some respects, it could be described as being symptomatic of our times, when it feels that there’s always someone out to cheat you. Equally, who has been the subject of “phishing”? If you haven’t received an email from an immensely wealthy and indecently kind person in Nigeria who wants to give you money, you’re an exception. Just phishin’…

Phishing, though, shouldn’t be shrugged off as being a simple attempt at theft. When someone attempts to phish in your organisations pond it’s time to take it very seriously, because if someone opens one of those phishing emails it could place all your data and networks at risk. Here are some top tips to combat this:

1.???Educate your staff as to the danger of opening any unsolicited or unrecognised emails. Warn them not to download anything unknown from the internet. Importantly, tell them that if they know they’ve inadvertently been phished to let you (or whoever looks after your IT) know immediately, so passwords can be changed and systems checked for malware. Let them know that they won’t be in trouble!

2.???You could also help your staff by telling them about the more obvious tell-tale signs of a fraudulent email. Bad spelling and grammar; fuzzy logos; an inaccurate or suspect sender’s email address; generic terms of address, such as Dear Colleague or even Dear Sir, when that sender usually addresses you by name, these are all clues. And, of course, no reputable organisation will ever ask for personal or financial details on-line.

3.???Look at your own internal procedures. What level of access do you allow your various members of staff have to your systems and data. Does the sales team need access to financial information, for example? The more limited the levels of access, the less damage any successful phisher can cause.

4.???Take a look at how you present yourself to the public. Having a high profile might be good for sales, but it’s not necessarily good for security. A policy of openness and accessibility can have its price. Phishers can only find out what you tell them, you may find an external security audit to be a worthwhile investment!