Get All Access for $5/mo

The Phishing Expedition You Want to Avoid This Summer Take these 12 steps to avoid an undesired visitor to your company's information or personal data.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

It's as easy for hackers to phish out your business' personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite.

Malware attacks have become more pronounced than ever against banks. A report "The Invisible Web Unmasked" notes that just from July to September 2013, more than 200,000 new attacks occurred. This was made possible, in part, by the decision makers at banks (and other businesses) who fail to instill an anti-phishing mind-set in employees.

Related: The Internet of Things: New Threats Emerge in a Connected World

Despite the threat of malware attacks, many businesses continue to fail to teach employees about phishing scams, a favorite and extremely prevalent scam of cybercriminals.

One type of phishing scam is to lure a user onto a malicious website. ZeuS (Zbot) is such an example, planted on websites. If a user visits that site, it will download a virus onto a device that will steal the user's online banking information, then forward it to a remote server, where the thief can obtain it.

But that ingenuity is contingent upon an individual's being gullible enough to open a phishing email and then click on the link to the malicious site.

And who are these gullible users? Probably someare your employees. One report by the security training firm ThreatSim says that 18 percent of phishing emails are opened on the job, Eweek reported. People in the workplace are being lured into clicking on a malicious link.

Though some of this might arise when employees are fiddling around with personal affairs on the company computer or mobile device, sometimes this clicking is done because the employee believes that an email is business related.

Decision makers should mandate monthly training sessions for employees to make them phishing-proof.

Without training sessions, employees will be led to believe that their company routinely communicates urgent information to them via emails with links. According to a recent report, one particular phishing operation netted a 27 percent click-response rate.

Another factor in the likeliness that a business's device will become infected is if it has outdated versions of commonly used software such as Adobe Acrobat and Microsoft Silverlight.

Even if you believe that your company's phishing attacks are minimal, a small amount of this type of cyber assault can result in significant costs to a company, involving such things as cleaning up the damage, plus employee downtime during the operation:

Employees should be cautious about the following, according to the Anti-Phishing Working Group:

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

1. Be careful about email from an unfamiliar sender. If it's earthshaking news, notified will probably come in person or via a voice phone call.

2. Don't trust an email from an employee that requests personal information, particularly financial data, or to donate to a charity. Even if the message contains the name and logo of the business's bank, phone the bank and inquire about the email.

3. Be suspicious of an email requesting credit card information, a password or a username.

4. Be wary of an email subject line that's of an urgent nature, particularly if it concludes with an exclamation point. Never rush to click on an email no matter how urgent the subject line appears.

5. Consider never clicking on links in emails. To visit a site, do a web search to find it.

6. Use a password manager to access online statements instead of clicking on the links in estatements.

7. Keep the computer browser up-to-date.

8. If a form inside an email requests personal information, enter delete to chuck the email.

9. Use the most up-to-date versions of Chrome, Internet Explorer and Firefox offer optional anti-phishing protection.

10. Check out special toolbars that can be installed in a web browser to help guard a user from malicious sites. This toolbar provides fast alerts when it detects a fraudulent site.

11. Use anti-spyware, antivirus and anti-phishing software and a firewall.

12. Stay out of the spam folder. Most phishing attempts end up in spam and lots of fish get caught there.

Related: Cybersecurity Basics: Surf the Web Safely With These Browsers

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Growing a Business

How Connecting With the Right Audience Drives Long-Term Business Success

Here's how targeted lead generation can help you unlock higher conversions, stronger brand loyalty and scalable growth.

Business News

'You Own Nothing Here on Social': Meta Outage, Looming TikTok Ban Has Creators Questioning How Much of Their Business They Really Control

With repeated tech outages and a possible TikTok ban on the horizon, creators are looking for new ways to influence. Turns out, one old-school way still reigns supreme.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.

Starting a Business

They Bought an Ice Cream Truck Off eBay for $5,000. Now Their Company Has 70 Shops and Sells Treats in Over 12,000 Stores.

For the episode of "The Founder CEO," the co-founder and CEO of Van Leeuwen Ice Cream explains how one ice cream truck grew into a successful nationwide brand.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.