How to educate employees, schedule phishing training, and implement additional layers of security to defend your apps, APIs, and infrastructure from potential threats. Stay ahead of cybercriminals and ensure a secure holiday season for your business.
With the winter holiday season fast approaching, scams targeting online shoppers will be on the rise. Attackers and bad actors will go to any lengths to get your data and hard-earned cash using techniques, including phishing emails and mobile texts containing links to fake websites designed to look like legitimate brands.
All it takes is one employee or user to open an authentic-looking phishing email or text on a corporate device, click on a link to launch what’s claiming to be a real-life website, and your business could be under attack from ransomware, malware, and other nasty threats that will place your organisation, network, apps, and data in danger.
So, here are six ideas to help educate and protect your organisation and your employees and users from attacks.
- Remind employees and users their work devices shouldn’t be used for personal business, especially shopping.
- Schedule refresher phishing training to coincide with the upcoming holidays. Or send a reminder to employees and users not to access personal email or texts on work devices, especially not to open unsolicited emails or texts. Do not click on links in any email or text. Instead, they should directly access the URL and website of the source company.
- Even if a website, text, or ad may look legitimate and be encrypted—with the little padlock in the URL address—it may be a route to a phishing website. They shouldn’t provide credentials, including login or personal or financial info on the site. Again, they should access the source company’s URL and website directly.
- An email, text, or ad promoting any deal that sounds too good to be true is likely a trap. Don’t click on the provided link. To find the item, always visit the retailer, e-commerce company, or manufacturer’s website. The same goes for items sold out on any website but available—and only for a limited time—from a single source. Don’t click that link!
- Tell employees and users if they receive an email or text about an upcoming delivery that includes a link to track the order, says the order is lost and provides a link to trace it, or provides any other link, not to click the link but to go to the provider’s web page directly and track or trace their order from there.
- Be wary of emails or texts from delivery services asking for a credit card or other personal or financial information to deliver a package. Again, go to the provider’s web page directly to track or trace the order.
Unfortunately, these types of reminders and warnings may not be enough. All it takes is one employee or user to slip up and click a link, and your business can be negatively affected.
That is why it’s always worth having additional layers of security in place – especially to defend what matters most: your apps, APIs, and underlying infrastructure. Organisations should also consider bot protection that can secure web and mobile apps and APIs from automated attacks, which can quickly escalate to advanced emulation of human behaviour.