8 Steps to Preventing Phishing Attacks
Preventing phishing attacks can be as easy as educating officials at your institution on cybersecurity best practices.
The HHS’ Office for Civil Rights sent out a newsletter yesterday with tips to aid institutions as they work toward preventing phishing attacks.
A phishing attack is typically an email-based cyberattack designed to trick individuals into revealing sensitive information. The email typically contains a link that could automatically download software onto the user’s computer or direct a user to a deceptive website prompting them to enter sensitive information.
“Phishing is one of the primary methods used to distribute malicious software, including ransomware,” the OCR email states. “Individuals must remain vigilant in their efforts to detect and not fall prey to phishing attacks because these attacks are becoming more sophisticated and harder to detect.”
The people behind phishing attacks may take advantage of things like holidays, tax refunds or other events to impersonate legitimate sources.
Below we run down eight ways people in your organization can help you prevent phishing attacks.
1. Stay skeptical of unsolicited third-party messages seeking information.
If something seems odd or you’re suspicious, call the business or person that sent the message to verify they sent it and the request is legitimate.
2. Be wary of electronic messages even from recognized sources.
Messages from co-workers or supervisors as well as from close relatives or friends could still be sent from hacked accounts.
3. Use caution when responding to messages sent by third parties.
Links in the contact information listed in a phishing message could be used to download malicious software onto your computer or take you to a malicious third-party site. To verify the contents of a message, use known good contact information or, for a business, contact information directly on their website.
4. Be wary of clicking on links or downloading attachments from unsolicited messages.
Phishing messages could include links that direct people to malicious websites or attachments that execute malicious software.
5. Be cautious even of official-looking messages and links.
According to the OCR, “Phishing messages may direct you to fake websites mimicking real websites using website names that appear to be official, but which may contain intentional typos to trick individuals.”
6. Use multi-factor authentication.
Multi-factor authentication decreases the chances someone could hack your account using only your password. We reported that about half of all hospitals in the U.S. used two-factor authentication to protect electronic protected health information (ePHI) in 2015.
7. Use anti-malware software and keep it (along with system patches) up to date.
If someone in your organization does fall prey to a phishing cyberattack, anti-malware software can help prevent a hack, and ensuring system patches are up to date decreases the likelihood that malicious software could exploit vulnerabilities.
8. Back up your data.
If malicious software is installed on your computer you want to have a current backup of your data.
“Malicious software that deletes your data or holds it for ransom may not be retrievable,” the OCR states. “Robust, frequent backups may be the only way to restore data in the event of a successful attack.”
Officials should also make sure they test backups by restoring data often.
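The fake website names with intentional typos described in tip 5 can also be checked for automatically. The following is an added example, not code from the OCR newsletter or this article: it flags links in a message whose domain is within a small edit distance of a domain the organization really uses. The domain list, distance threshold, function names and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the organization really uses (constructed, reserved .example TLD).
KNOWN_GOOD = ("campus-hospital.example", "payroll-portal.example")
MAX_DISTANCE = 2  # assumption; short domains may need a tighter threshold
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbouring characters
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_link(url):
    """Return ('trusted' | 'lookalike' | 'unknown', matched known-good domain or None)."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL
        return ("unknown", None)
    for good in KNOWN_GOOD:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in KNOWN_GOOD:
        # Compare only as many trailing labels as the known-good domain has.
        tail = ".".join(host.split(".")[-(good.count(".") + 1):])
        if 0 < edit_distance(tail, good) <= MAX_DISTANCE:
            return ("lookalike", good)
    return ("unknown", None)

def flag_lookalikes(message_text):
    """List (url, imitated_domain) for every link that imitates a known-good domain."""
    checked = ((url, classify_link(url)) for url in URL_RE.findall(message_text))
    return [(url, good) for url, (verdict, good) in checked if verdict == "lookalike"]

# Constructed sample message, not a real phishing email.
SAMPLE = """Your tax refund is ready. Sign in: https://portal.campus-hospita1.example/login
Benefits: https://www.campus-hospital.example/benefits
Forecast: https://news.weather.example/today
Payroll update: http://payroll-protal.example/verify"""
```

An "unknown" verdict only means the link does not resemble a listed domain; it still needs the manual verification described in the tips above.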
Other Resources for Preventing Phishing Attacks
Other resources for preventing phishing attacks include the Federal Trade Commission’s consumer protection information, the FBI’s information on spear phishing and this DHS video on preventing phishing attacks.
We hope these resources help!