Cybersecurity Month in 2021 shines a spotlight on the increasing risk of phishing attacks, one of the most common and costly cyber crimes impacting organizations across industries. The goal of phishing is to steal money, identities or hack into internal networks through texts, email, phone calls and social media messages that manipulate people into disclosing personal or confidential information. Scammers are continuing to exploit the COVID-19 pandemic with phishing and malware campaigns related to the Delta variant, vaccinations, booster shots and relief programs.
A recent report by Ponemon Institute found that the average annual cost of phishing for US organizations has jumped from $3.8 million in 2015 to $14.8 million in 2021. Beyond the financial impact, phishing attacks lower employee productivity and increase the likelihood of data breaches and business disruptions.
As part of a comprehensive data privacy and information security program, conducting ongoing phishing awareness training is a proactive way to change employee behavior and keep sensitive information out of the hands of criminals.
These 10 tips can help reduce the risk of phishing attacks:
- Whether it’s an email, text message, call or social media message, employees should pause and take time to think before clicking, opening or responding to any message, especially when working remotely.
- Be suspicious of all “urgent” requests or demands for immediate actions that require login credentials, payment information or sensitive data such as bank account information, credit card number and date of birth.
- Look for misspellings and odd phrases. Phishing attacks often include messages with typos or grammatical errors.
- Look out for generic greetings such as ‘dear valued member’ or ‘dear customer.’
- Don’t click on links you get on your phone unless you know the person they’re coming from; and check with the person to verify.
- Hover the cursor over a link to see the address. If it’s different from the URL in the message, it’s probably a phishing email. Look out for variations, such .com and .net.
- Retype the website address into the browser instead of clicking the link in the email. Don’t copy and paste — it can be deceptive and add risk.
- Use strong passwords and don’t reuse passwords across systems.
- Keep antivirus or other security software up to date.
- If you suspect a phishing attack, immediately contact the IT department, cyber security manager or other designated person.
October is National Cybersecurity Month, another important reminder to educate employees on how to recognize phishing scams and other cyber crimes, and best practices for keeping their devices and networks safe.
Sign up for a free trial of our Recognizing and Preventing Phishing Attacks training: