Phishing is responsible for a staggering 90% of data breaches. [iStockphoto]

How can businesses prevent phishing?

Some businesses are more appealing to fraudsters than others as targets of phishing attacks. Financial service providers such as banks and credit card companies spring to mind.

Here are some steps that such businesses can take to help protect their customers.

  • Implement multi-factor authentication - This makes it harder, though not impossible, for criminals to bypass the authentication process.
  • Configuring email security technologies - Email services can also implement email authentication technologies that verify where messages originated and can reject messages that are spoofed. Check with your provider to see what security options are available.
  • It is also important to remember that an organization's defences are as strong as its "weakest" employee: A staff member who falls for phishing scams is enough to unwittingly bring down a business. Educate both customers and employees about what phishing is and what they should look out for. Ensure your customers know which bits of information you will never ask them for.
  • Always check email and message sources and IDs, from email headers to URLs.
  • Deploy and maintain anti-virus software - If the phishing attack aims to install malware on your computer, up-to-date anti-virus software may help prevent the malware from installing.
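
The header and URL checks in the list above can be partly automated. The following is an added example, not code from the article: it reads the SPF, DKIM and DMARC verdicts (the standard email authentication mechanisms) that a receiving mail server records, compares the From and Return-Path domains, and flags links whose visible text names a different host than the real destination. The sample message, its domains and the function names are constructed for illustration, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message (not from the article); every domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank" <security@bank.example.com>
Content-Type: text/html

<p>Please visit <a href="http://login.example.net/verify">https://bank.example.com/login</a></p>
"""

def domain_of(address):
    """Lower-cased domain of an e-mail address, or '' if there is none."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """spf/dkim/dmarc results recorded in Authentication-Results headers.
    Only trust a header stamped by your own receiving server; senders can forge it."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def mismatched_links(html):
    """(shown host, real host) for links whose visible text names another host."""
    pairs = []
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r"https?://[^\s<]+", text)
        shown_host = urlsplit(shown.group(0)).hostname if shown else None
        real_host = urlsplit(href).hostname
        if shown_host and shown_host != real_host:
            pairs.append((shown_host, real_host))
    return pairs

def triage(raw):
    """Return warning strings for one raw message (single-part body assumed)."""
    msg = message_from_string(raw)
    verdicts = auth_verdicts(msg)
    findings = [f"{m}={verdicts.get(m, 'missing')}" for m in ("spf", "dkim", "dmarc")
                if verdicts.get(m) != "pass"]
    sender, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if envelope and sender != envelope:
        findings.append(f"From domain {sender} differs from Return-Path domain {envelope}")
    findings += [f"link shows {s} but goes to {r}" for s, r in mismatched_links(msg.get_payload())]
    return findings
```

A differing Return-Path domain is a signal rather than proof, since legitimate bulk-mail services also send on behalf of other domains; treat the findings as reasons to look closer.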

The cybercriminal reaches out in the hope that someone will "bite" and engage in conversation with them. [iStockphoto]

What should you do if a phishing attack is successful?

If you believe you may have fallen victim to a phishing attack, here are some suggested steps:

  1. Change any affected passwords - If possible, immediately change the password for any affected accounts. If this password was also used for other online accounts, change the passwords for those accounts to something unique and strong.
  2. Contact the fraud department or the information security department of the breached account - If the phishing attack compromised your company's account at a financial institution, contact the bank immediately to report the incident. Monitor the account for unauthorised transactions.
  3. Notify appropriate people in your company - follow your company's incident response plan to ensure the appropriate personnel are aware of the incident.
  4. Notify affected parties - if the personal data of others (e.g., customers, suppliers) was compromised, be sure to notify them. Compromised personal data could be used for identity theft.