Free Enterprise - The FindLaw Small Business Law Blog

Summer Cybersecurity Tips: Don't Go Phishing

It's officially summer, when many of us are heading out of the office and onto a lake, river, or ocean to partake in our favorite relaxing pastime. And while a little fishing can be good for the soul, a little phishing can be bad for business.

Cyber attacks using familiar looking domain names or email addresses or formats can be both difficult to detect and destructive to your company's data and security. So here's how to spot a phishing attack -- and not fall for the bait -- from our archives.

1. W-2 Phishing Scams Target Small Businesses

One of the most recent widespread phishing scams can demonstrate just how insidious these attacks can be. Masked as emails from managers, executives, or whoever in your company would need access to employee W-2 forms, an attack this year was able to fool many small business employees into sending out tax documents containing personal information, including social security numbers. That data can then be sold or used to impersonate an employee or steal their identity. So train your employees well in identifying and flagging phishing emails.

2. Send Fake 'Phishing' Emails to Test Employees?

Should part of that training include testing your employees with fake phishing emails? It might help to teach them a lesson if they're tuning out on specific training sessions or need a lesson in just how sneaky a phishing scam can be. And getting caught red-handed can cause your staff to be more vigilant.

3. What to Do After a Phishing Attack

The best laid plans of management are often not enough to prevent a successful phishing scam. Not only can a cyber attack target your business and employee data, but you may be on the hook or compromise customer information as well. Make sure you update your business's security information, logins, and passwords, run complete anti-virus checks, and contact credit agencies to warn them employees and customers may be victims of identity theft or fraud.

The best way to avoid phishing attacks is to properly train all of your staff on the importance of cybersecurity and how to spot suspicious emails. And you might also want to consult with an experienced cybersecurity attorney as well.

Related Resources: