Phishing is an increasing threat in Australia with the ACCC recording 24,291 reports of phishing attempts in 2018. Phishing is when cybercriminals pretend to be companies or individuals to obtain sensitive personal information. There have been some widescale phishing schemes lately with hackers sending very convincing emails posing as Netflix and Spotify and requesting updated payment information in order to steal credit card details from unsuspecting consumers. You may think you'd never get caught up in such schemes, but they're becoming increasingly common and sophisticated.
Here are 4 ways to protect your business against phishing.
1) Know the signs
Educate yourself and your staff to be vigilant. Some of the key red flags of phishing emails include:
- Unknown sender
- Unexpected attachments
- Unfamiliar links
- Requests for personal information
- Spelling errors
If you have any doubts:
- Don’t click on links
- Don’t open attachments
- Verify with ‘supposed’ sender
- Report to your IT team
There are a number of online training phishing awareness programs that can be helpful too.
2) Set up multi-factor authentication
Multi-factor authentication (MFA) is a great backup in case you do get hacked. MFA requires multiple factors of identification, for example in addition to user name and password, you need to provide additional credentials, like a unique code that is texted to you, an answer to a security question, a fingerprint, or facial recognition. Even if a cybercriminal figures out your password, they'll need access to your device or biometrics before they can actually log on which creates an additional barrier.
Setting up MFA in Microsoft is actually quite easy and can make a huge difference in your security.
3) Monitor your email rules
If a hacker gets into your email or your client’s, they can set up rules to intercept communications and hide any unusual activity. For example they might set up a rule to intercept any emails containing account details, automatically delete them from your inbox and forward it to their own. Check your rules regularly!
4) Educate your clients
Make sure your clients are aware of the dangers of phishing and review all of the above with them as well. It's important that they understand the risks and are just as vigilant. Clearly set expectations with them at the beginning of the transaction so that they know your standard procedure for communication. Include a disclaimer in your communications that emphasise these points as well.
According to recent stats from the ACCC, up to 50% of data breaches are caused by phishing attacks. Don't let your business be the next victim.
If you're looking for secure e-conveyancing solutions, get in touch with us at firstname.lastname@example.org to find out how we can help.