
Avoiding "phishing" expeditions in your business

The term "phishing" has become so widely known that it's a wonder such fraudulent schemes are still effective. However, phishing, in which criminals defraud online account holders of financial information -- including their bank account numbers -- still affects millions of people each year.

Though once considered a crime that targeted only individuals, phishing can potentially harm businesses as well. In addition to the negative public relations implications of being associated with a phishing scam, even as a victim of the scam, businesses can now unknowingly enable criminals, who can rather easily use a company's Web site to engage in criminal activity.

When a criminal wants to use a legitimate Web site to conduct criminal activity, the scammer will create an illegitimate site deep within the structure of a business' legitimate Web site. Such sites can go undetected for long periods of time, and while active these illegitimate sites can solicit consumers' private information, including credit card numbers. By the time enough people complain that their private information has been compromised, a business' Web site has already been used, its reputation has been damaged and the criminal has accomplished what he set out to do.

Business owners can, however, take steps to reduce their risk of being victimized by a phishing expedition.

• Emphasize protecting the firm's computers. Protecting your company's computers should be of the utmost importance, and it is an ongoing process. Utilize the latest software to filter spam, establish firewalls and protect computers against viruses and spyware. Many manufacturers provide automatic updates with their software, ensuring that business owners' computers will be fully protected with the latest software for years to come.

• Utilize a data security firm. Data security firms can prevent spam and viruses from finding their way into employees' e-mail inboxes and provide reports on how likely you are to suffer a data or security breach. Such firms can also protect servers from hackers.

• Educate your staff. Perhaps no precautionary measure is more important than educating your staff about phishing scams and other prospective data and security breaches. Make sure your staff knows not to sign in to bank or credit card accounts from links they are sent via e-mail. Instead, they should visit the Web site separately by typing its URL into the browser, and only enter personal information on Web sites with the padlock symbol.

Staff should also be taught to ignore e-mail attachments they aren't expecting. Such attachments may contain spyware, putting the user's and the company's information at risk. Instruct employees who receive suspicious attachments to contact the sender by telephone before they open or download them.

When discussing security with your staff, refresh their memories about specific online security scams, including surveys that promise prizes in return for participation and e-mails asking for financial information.

Data breaches can happen to anyone, even businesses. Emphasizing security and educating employees about potential scams is one way for business owners to reduce their risk of falling victim to phishing expeditions.
