How to Protect Against Phishing

Companies that protect against phishing attacks fortunately don’t make the news, because they prevent a big problem. According to the 2018 Small Business Cyber Risk Report from Hiscox, 47 percent of small businesses suffered a cyber attack in the previous 12 months. The worst part? Cyber-attackers hit most businesses more than once.

Clearly, small businesses don't take the appropriate steps to protect against phishing. Plus, they don't respond as they should when cyber attacks happen. But why?

We see that business owners understand the risk: 66 percent responded that they’re concerned or very concerned about cyber attacks. However, half of business owners cite finances as the reason for not taking a proactive stance against cyber attacks. Those executives miss one key fact: human error, not infrastructure, causes their greatest vulnerability.

To protect against phishing, business owners can invest in cyber insurance, install intrusion detection, and / or hire cybersecurity experts, but without addressing the human element of cybersecurity, their efforts fall short.

That’s especially true for phishing scams, a type of social engineering attack that continues to grow in prevalence as internet users’ trust in the digital world increases. Kaspersky Lab’s Spam and Phishing Report found that phishing attacks among their users grew dramatically in 2018, with a 27.5 percent growth between Q2 and Q3 alone.

Most Common Phishing Scams

Email phishing

Email attacks come in several forms. Some disguise malware as email attachments, others direct users to fraudulent websites, and others still phish for financial information through legitimate-looking sales offerings or fake invoices. Many email phishing scams use current events to gain the users’ trust; in 2017 and 2018, scammers used cryptocurrency, EU General Data Protection Regulation, and the World Cup to grab users’ attention.
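As an added example (not part of the original article), the following Python script checks the links in an HTML e-mail for the indicators described above: visible link text that names one domain while the href points somewhere else, hosts that are bare IP addresses or carry embedded credentials, and hostnames only a character or two away from a domain the organisation trusts. The trusted-domain list and the sample message are constructed for this example; a real deployment would use the organisation's own domains and a public suffix list for domain extraction.

```python
"""Flag common phishing-link indicators in an HTML e-mail body (defensive triage aid)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation treats as legitimate (constructed list for this example).
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}

# Constructed sample message: one lookalike link (capital I for lower-case l),
# one bare-IP link, and one genuine link.
SAMPLE_EMAIL = """<p>Dear customer, your invoice is overdue.</p>
<a href="http://exampIe-bank.com/login">https://example-bank.com/login</a>
<a href="http://198.51.100.7/pay">Pay now</a>
<a href="https://example.com/help">Help centre</a>"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname (crude; a real tool uses the public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def levenshtein(a, b):
    """Edit distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip_literal(host):
    return re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None


def analyse_link(href, text):
    """Return a list of human-readable findings for one link (empty if nothing suspicious)."""
    findings = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if not host:
        return findings
    if is_ip_literal(host):
        findings.append("ip-literal host")
    if parsed.username is not None:
        # e.g. http://trusted.example@attacker-host/ : browsers go to the part after '@'
        findings.append("credentials embedded in URL")
    # Visible text that names a domain which disagrees with the real destination
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        findings.append(f"link text shows {shown.group(1)} but href goes to {host}")
    # Destination within two edits of a trusted domain, but not actually that domain
    domain = registrable_domain(host)
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if levenshtein(domain, trusted) <= 2:
                findings.append(f"host {host} resembles trusted domain {trusted}")
    return findings


def scan_email_html(html):
    """Map each suspicious href in the message to its list of findings."""
    collector = _LinkCollector()
    collector.feed(html)
    results = {}
    for href, text in collector.links:
        findings = analyse_link(href, text)
        if findings:
            results[href] = findings
    return results


if __name__ == "__main__":
    for href, findings in scan_email_html(SAMPLE_EMAIL).items():
        print(href)
        for finding in findings:
            print("   -", finding)
```

The script is meant for triage and awareness training, not as a mail filter on its own: a link with no findings is not proven safe, and the two-edit lookalike threshold will produce false positives for short domains, so tune the trusted list and threshold to your own environment.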

Search engine phishing

With search engine phishing, scammers rely on users’ trust of search engine results to create fraudulent websites offering products or services in order to collect payment information. The phishers then drain users’ bank accounts and / or steal their identities.

Malvertising

For malvertising, or malicious advertising, a scammer places malicious code into online ads. When users click on the ad, their device is exposed to the malware.

Vishing

Vishing involves using VoIP to spoof the caller ID of legitimate institutions like banks, police, or even the IRS. In a vishing attack, scammers call the target and pretend to be someone else to gain access to sensitive information.

How to Protect Against Phishing Attacks

Business owners can’t stop every phishing attack from reaching their employees, but they can avoid becoming a victim. Doing so requires a two-pronged approach:

  1. Employee Training
  2. Security Policies

Invest in employee training. It only takes one mistake by one employee to cost a business tens of thousands of dollars. Business owners must train employees to detect social engineering attacks and keep their staff up-to-date on new scams.

Your company can easily set security policies, but make sure you enforce them too. Instead of asking employees to create difficult passwords and change them regularly, use a password management program that gives employees no choice but to follow password protocol.

You can also hire a professional hacker to test the strength of your network and identify and address any problem areas. You can find qualified hackers through freelance job boards and choose a candidate based on their rate and reviews.

Business owners should also restrict an employee’s ability to use personal devices over business WiFi. While a bring your own device policy may seem harmless and financially prudent on the surface, it poses a major security threat to small businesses. Additionally, the use of endpoint detection and response software, which monitors activity on a network and records that information in a database, can also protect sensitive data.

Article written by Dean Burgess of for Quality Assurance Solutions. Article edited and posted by Quality Assurance Solutions.
