8 Steps to Preventing Phishing Attacks

Preventing phishing attacks can be as easy as educating officials at your institution on cybersecurity best practices.
Published: March 1, 2018

Yesterday the HHS Office for Civil Rights (OCR) sent out a newsletter with tips to help institutions prevent phishing attacks.

A phishing attack is typically an email-based attack designed to trick individuals into revealing sensitive information or running malicious code. The email usually contains a link that leads to a download of malicious software or to a deceptive website that prompts the user to enter credentials or other sensitive data.

“Phishing is one of the primary methods used to distribute malicious software, including ransomware,” the OCR email states. “Individuals must remain vigilant in their efforts to detect and not fall prey to phishing attacks because these attacks are becoming more sophisticated and harder to detect.”

The people behind phishing attacks may take advantage of things like holidays, tax refunds or other events to impersonate legitimate sources.

Below we run down eight ways people in your organization can help you prevent phishing attacks.

1. Stay skeptical of unsolicited third party messages seeking information.

If something seems odd or you’re suspicious, call the business or person the message claims to come from, using a phone number you already have rather than one supplied in the message, to verify that they sent it and that the request is legitimate.

2. Be wary of electronic messages even from recognized sources.

Messages from co-workers or supervisors, as well as from close relatives or friends, may still come from compromised accounts.

3. Use caution when responding to messages sent by third parties.

Links and contact details listed in a phishing message could be used to download malicious software onto your computer or take you to a malicious third-party site. To verify the contents of a message, use contact information you already know to be good or, for a business, contact information taken directly from its website.

4. Be wary of clicking on links or downloading attachments from unsolicited messages.

Phishing messages could include links that direct people to malicious websites or attachments that execute malicious software.

5. Be cautious even of official-looking messages and links.

According to the OCR, “Phishing messages may direct you to fake websites mimicking real websites using website names that appear to be official, but which may contain intentional typos to trick individuals.”
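The look-alike domains OCR describes, and the mismatch between a link's visible text and its real target mentioned in steps 3 and 4, can be checked automatically before a message reaches a user. The following Python script is an added example, not code from the OCR newsletter or from any product: the trusted-domain list, the homoglyph table and the sample email are constructed assumptions for illustration.

```python
"""Flag suspicious links in an email body: visible text that names one host
while the link goes to another, and look-alike (typosquatted) hosts that sit
one or two characters away from a domain the organization trusts.
Added example; TRUSTED_DOMAINS and the sample email are hypothetical."""

import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed set of domains this organization actually deals with (hypothetical).
TRUSTED_DOMAINS = {"hhs.gov", "example-hospital.org", "microsoft.com"}

# Digit-for-letter substitutions commonly used in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Visible link text that looks like a URL or bare hostname (optional scheme/path).
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation of the registrable domain."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def edit_distance(a, b):
    """Levenshtein distance; catches single-character typos and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None when it is
    exactly trusted or not close to any trusted domain."""
    if domain in trusted:
        return None
    normalized = domain.translate(HOMOGLYPHS).replace("-", "")
    for good in trusted:
        if normalized == good.replace("-", "") or edit_distance(domain, good) <= 2:
            return good
    return None


def audit_links(html):
    """Return (href, reason) findings for every suspicious link in `html`."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = registrable_domain(urlparse(href).hostname or "")
        shown = URL_LIKE.match(text)
        if shown and registrable_domain(shown.group(1)) != target:
            findings.append((href, "visible text names a different host than the link target"))
        imitated = lookalike_of(target)
        if imitated:
            findings.append((href, f"look-alike of trusted domain {imitated}"))
    return findings


# Constructed sample message: a homoglyph domain, a subdomain trick, and a clean link.
SAMPLE_EMAIL = """
<p>Your tax refund is ready. Review it at
<a href="http://hhs.g0v/refund">hhs.gov</a> or
<a href="https://portal.hhs.gov.attacker.example/login">https://portal.hhs.gov/login</a>.
Questions? <a href="https://www.hhs.gov/">Contact HHS</a>.</p>
"""

if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_EMAIL):
        print(f"{href}: {reason}")
```

The edit-distance threshold is a review trigger, not a blocking decision: legitimate domains can also sit two characters from each other, so findings should route a message to quarantine or to a human, and the registrable-domain helper should be replaced with a public-suffix-list lookup in production.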

6. Use multi-factor authentication.

Multi-factor authentication reduces the chance that an attacker who has phished your password can log in to your account with the password alone. We reported that about half of all hospitals in the U.S. used two-factor authentication to protect electronic protected health information (ePHI) in 2015.

7. Use anti-malware software and keep it, along with system patches, up to date.

If someone in your organization does fall for a phishing attack, anti-malware software can help block the malicious software it delivers, and keeping system patches up to date reduces the likelihood that the software can exploit known vulnerabilities.

8. Back up your data.

If malicious software is installed on your computer, you want a current backup of your data, stored where the malware cannot also encrypt or delete it.

“Malicious software that deletes your data or holds it for ransom may not be retrievable,” the OCR states. “Robust, frequent backups may be the only way to restore data in the event of a successful attack.”

Officials should also test backups regularly by actually restoring data from them.

Other Resources for Preventing Phishing Attacks

Other resources for preventing phishing attacks include the Federal Trade Commission’s consumer protection information and the FBI’s information on spear phishing.


We hope these resources help!

Strategy & Planning Series