25 Nov 2020
Home » Big Idea Tech Blog » Blog » Protect Your Organization from Phishing Attacks

Protect Your Organization from Phishing Attacks

Phishing scams have become more and more common.  We are all bombarded by “Bad Actors” attempting to steal our information.  By utilizing the latest technology, training your users and monitoring their activity, and using sound judgement, attacks can be mitigated to protect your organization.

The Big Idea Technology team includes fully certified Security Engineers to protect our clients and guide them in the best security practices.   Technology is not enough.  Securing an organization is a team effort.  Users must be trained in what is acceptable and what is risky behavior.  With the right technology in place and a staff trained in how to spot these attacks, an organization can mitigate its risk.

Phishing email types

    • Infected Links and Attachments. Over 90% of all infiltrations start with someone clicking on a link or attachment that is corrupt.
      • “Bad Actors” send emails and text messages in an attempt to trick you into giving them your information.
    • They alert you that there is suspicious activity on your account. “Please log in here to secure your account
      • This is an attempt to capture your username and password, giving full access to your account.
    • You are sent a fake invoice with a link to “pay it now to avoid further action against you”
      • This is simply an attempt to steal your money and your credit card information.
    • You are presented with an unbelievable offer or you have won something.
      • If it sounds too good to be true, it probably is. Do not be fooled by this.
    • You are offered something for free.
      • Again, this is likely not true.
    • You are eligible for a government program you did not know about, possibly related to COVID-19.
      • The government does not distribute information by random email. Check with official government websites or your local municipalities
    • Hackers are very creative. Suspect all emails and if you are unsure of its source, contact your IT Administrator.

How to spot a Phishing email

    • Hover over all links but do not click, check that the target website is what it claims to be.
    • Check all grammar and spelling. Many hacks come from overseas and use translation software to convert to English.  This software is often inaccurate.
    • The email is from a company that you have an account with, however it is not addressed to you by name. (Dear Sir, Hello, Dear client, etc.) Your vendors know your name.
    • The email instructs you to take action IMMEDIATELY. Do not reply or click on any links.  Contact your vendors directly with the contact information you already have from past statements, the back of your card, their official website or other source.
    • The email is from someone you know making a request that they normally would not ask of you. Hackers are very good at using information from your social media pages to make it look like they are one of your friends or colleagues.  If you get an email like this, contact the sender directly to verify.
    • Overall, use good judgement. Question every email and err on the side of caution.

How to protect yourself from Phishing Attacks

    • Use current Security software. Your IT team should provide you with a safe environment. If you do not have an internal IT Team you can outsource IT Security to Big Idea Technology.  We will monitor and maintain your network while you take care of running your business.
    • Use Multifactor Authentication (MFA) wherever possible. MFA is extremely effective in preventing unauthorized logins.
    • Update all your devices regularly and automatically.  Software vendors constantly release updates to their customers. Most of these updates are security patches.  Install them as soon as they are available.
    • Use complex passwords that are not easy to guess. Do not use your login name, your dog’s name or your favorite sports team as your password.  Also, do not use the same password for multiple logins.
    • Backup your data. Always have multiple backups and make sure at least 1 backup is stored offline.
    • Require formal training for your entire team. Training programs and Phishing simulation software are available to identify the members of your team that are prone to falling for an attack.

If you suspect that you may be a victim of a Phishing or other malware attack, contact your IT Administrator or Helpdesk immediately and disconnect from the internet.

To schedule a consultation on how to protect your organization, visit www.bigideatech.com/contact, email sales@bigideatech.com or call (646) 277-9700.