Teach Employees to Avoid Phishing

Protect Your Business with Phishing Training

Most successful online attacks begin when someone clicks and downloads a malicious attachment from an email, direct message or social media post. These phishing attempts can result in stolen passwords that criminals can use to log in to sensitive accounts to steal data or money. Phishing can also result in the user unwittingly downloading malware that damages systems or installing ransomware that holds systems captive.

Phishing is a serious risk to small and medium businesses who often have fewer resources dedicated to cybersecurity than larger businesses. The good news is that most security breaches are avoidable if people are trained to spot and avoid phishing emails. Are you training your employees?

Employees should be able to identify the basic signs of phishing emails such as strange or unexpected requests, often using alarming language or urging immediate action. These messages often appear to come from colleagues within the company or a trusted source. Malicious actors are improving their techniques all the time, so employees need to repeat training at regular intervals to learn about the latest scams.

Follow These Steps to Avoid Phishing Scams

1. Identify available training resources and train employees how to spot phishing.

You don’t have to create anti-phishing training materials from scratch. Your IT provider, professional/industry organization or a nonprofit may have ready-to-use materials available at no cost. CISA offers many free resources for small and medium businesses. See below for more information.

Require staff to take training and repeat it regularly to refresh their awareness and learn how to spot the latest scams.

2. Alert employees to the risks.

Ask your IT provider, or designate an employee as a security manager, to keep tabs on current events related to cybersecurity. Ask that person to brief you on the latest scams so you can keep your staff up to date between trainings.

3. Develop a culture of awareness.

Don’t just count on once-a-year training to be enough. As a leader, enforcing online safety practices starts with you! Commit to making your business safer by regularly reinforcing “cyber hygiene” like you would other workplace policies. Be sure employees know how and to whom to report suspicious emails or phishing attempts.

CISA has many resources to get your team started with online safety!

Check out this blog with tips on how to avoid phishing attacks.

CISA’s Career Development page has helpful guidance and videos on how to equip your employees to stay safe online.

Other Ways to Protect Your Business

Online criminals are always looking for easy targets. Businesses that don’t take basic precautions are at risk. Take the following steps to make it harder for malicious actors to access your data or trick an employee into allowing access to your systems.