Protect Your Business Against Phishing Attacks

Hackers use phishing and other social engineering tactics to target organizations with legitimate-looking e-mails and social media messages that trick users into providing confidential data, such as credit card numbers, Social Security numbers, account numbers or passwords.  These attacks are at the heart of many of today’s most serious cyberhacks and can put your business and your customers at risk.  With a few basics and ongoing vigilance, businesses can be aware and defend against these attacks. 

E-mail awareness
Every day 80,000 people fall victim to a phishing scam, 156 million phishing e-mails are sent globally, 16 million make it through spam filters and 8 million are opened. 

  1. Reduce unwanted e-mail traffic
    • ​​Install and maintain basic security protections, including firewalls, anti-malware software and email filters
       
  2. Train employees and users on email and browser best security practices, including these key tips: 
    • ​​Resist the urge to click links in a suspicious email; visit websites directly.
    • Be cautious of email attachments from unknown sources. Also, may viruses can fake the return addresses, so even if it looks like it’s from someone you know, be wary about opening any attachments.

Website and software security
99.9% of data breaches were a result of a hacker exploiting bugs that had a fixable patch for at least a year. 

  1. Separate and update computers and software:
    • ​​Keep computers used for social media sites, email and general interest browsing separate from computers used for processing financial transactions.
    • Use basic security tools that block malicious intruders and alert you to suspicious activity, including firewalls, anti-virus, and malware and spyware detection software. 
    • Regularly check that web browsers and security software have the latest security patches and updates
       
  2. Train employees and users on website and browser security best practices, include these key tips:
    • ​​Only install approved applications.
    • Be sure you’re at the right website when downloading software or upgrades.  Even when using a trusted site, double check the URL before downloading to make sure you haven’t been directed to a different site.
    • Recognize the signs that your computer is affected and contact your IT staff or resources. 

Password protection
Password1 was the most common password used by businesses in 2014.

  1. Practice good password hygiene.
    • ​​Change the passwords on computers and point-of-sale systems (including operating systems, security software, payment software, servers, modems and routers) from the default ones the product came with to something personal to you but that is difficult to guess (such as combining upper case letters, numbers and special characters, or using a passphrase).
    • Update system passwords regularly, and especially after outside contractors do hardware, software, or point-of-sale installations or upgrades.
    • Educate employees and users on choosing strong passwords and changing them frequently.
       
  2. Use two-factor authentication.
    • ​​Many of these attacks rely on getting a password one way or another. Requiring another form of ID, such as security tokens, will make it harder for hackers to falsify an account. 

Source: © 2015 PCI Security Standards Council LLC; www.pcisecuritystandards.org
 

Contact Us

or stop in and ask us for current rates and terms.