Protecting your business (and yourself) from phishing (Part 3)

We’ve looked at how to spot phishing emails and what to do if you get caught by one. In the third and final part of our series on phishing, we’re going to look at the measures you can take to protect your business – and yourself – from future phishing scams.

Prevention is always better than cure, so here’s what to do to keep your business as safe as possible from the threat of attack by phishing.

Educate your employees

You may be able to spot a phishing email, but can each of your employees? Any of your members of staff has the potential to bring down your IT systems with a single ill-advised click, so it’s vital to make sure they all know what signs to look out for.

As well as giving them a masterclass in how to spot phishing emails and stressing the importance of never clicking suspicious links or attachments, it’s a good idea to update them regularly on the latest forms phishing emails are taking.

Education is the best way to prevent phishing attacks from succeeding.

We’d also recommend that you run regular phishing simulations for staff – this helps to keep people alert, whilst highlighting where further training may be needed.

Have the right cyber security measures – and keep them updated

Make sure your business is a protected as it can be: antivirus software, email filters and firewalls are all vital defences against phishing scams, and you’ll need to make sure you act immediately to update them when a new version becomes available. To reduce the risk of your employees visiting harmful websites, you can also set up web filters.

If you are a Microsoft 365 user, you could look at implementing Microsoft Defender for Office 365 which has a range of features to help. We blogged about that here.

Keep up with updates and backups

It’s not just your cybersecurity software that needs to be kept updated to ensure maximum protection for your business: all your software does. Keep on top of updating it as soon as possible after new versions are released, as these often contain important security patches. This should include your operating systems, browsers and apps, as well as any other software your business runs.

It’s also important to take regular backups of all your systems so that you can get them back up and running with minimal damage should the worst happen.

Implement good password practices

If your business doesn’t yet have a password policy, it’s time to get one in place, pronto. It should include the requirement for all employees to change their passwords on a regular basis, and for passwords to be a minimum length and level of complexity. They should also be asked not to use the same password in more than one place.

While you’re at it, it’s a good idea to implement multi-factor authentication for when employees log in to company systems. By adding an extra layer of security, it’s much less likely that attackers are able to gain access to your systems, even if they manage to get hold of a password.

Report phishing emails

Help wage war on phishing emails by reporting each one you receive. The National Cyber Security Centre has a Suspicious Email Reporting Service, which you can use by emailing report@phishing.gov.uk.

If you use Microsoft 365, there is an Outlook Add-In you can deploy to all users to make reporting phishing e-mails very easily.

Get an IT support team in place

An IT support team is an invaluable source of support when it comes to protecting your business from phishing. Here at deeserve, we’re here 24/7 to help with disaster recovery, so we’ll be able to get your systems back up and running in record time in the event of an attack. If you don’t yet have an IT support team to call on in an emergency, call us on 01509 80 85 86 or email hello@deeserve.co.uk.

Posted on: 1st August 2022.