How to Protect Against Phishing


Companies that protect against phishing attacks fortunately don’t make the news, because they prevent a big problem. According to the 2018 Small Business Cyber Risk Report from Hiscox, 47 percent of small businesses suffered a cyber attack in the previous 12 months. The worst part? Cyber-attackers hit most businesses more than once.

Clearly, small businesses don't take the appropriate steps to protect against phishing. Plus, they don't respond like they should when cyber attacks happen. But why?

We see that business owners understand the risk: 66 percent responded that they’re concerned or very concerned about cyber attacks. However, half of business owners cite finances as the reason for not taking a proactive stance against cyber attacks. Those executives miss one key fact: Human error, not infrastructure, causes their greatest vulnerability.

To protect against phishing, business owners can invest in cyber insurance, install intrusion detection, and / or hire cybersecurity experts, but without addressing the human element of cybersecurity, their efforts fall short.

That’s especially true for phishing scams, a type of social engineering attack that continues to grow in prevalence as internet users’ trust in the digital world increases. Kaspersky Lab’s Spam and Phishing Report found that phishing attacks among their users grew dramatically in 2018, with a 27.5 percent growth between Q2 and Q3 alone.


Most Common Phishing Scams

Email phishing

Email attacks come in several forms. Some disguise malware as email attachments, others direct users to fraudulent websites, and others still phish for financial information through legitimate-looking sales offerings or fake invoices. Many email phishing scams use current events to gain the users’ trust; in 2017 and 2018, scammers used cryptocurrency, the EU General Data Protection Regulation, and the World Cup to grab users’ attention.

Search engine phishing

With search engine phishing, scammers rely on users’ trust of search engine results to create fraudulent websites offering products or services in order to collect payment information. The phishers then drain users’ bank accounts and / or steal their identities.


Malvertising

For malvertising, or malicious advertising, a scammer places malicious code into online ads. When users click on the ad, their device is exposed to the malware.


Vishing

Vishing involves using VoIP to spoof the caller ID of legitimate institutions like banks, police, or even the IRS. In a vishing attack, scammers call the target and pretend to be someone else to gain access to sensitive information.


How to Protect Against Phishing Attacks

Business owners can’t stop every phishing attack from reaching their employees, but they can avoid becoming a victim. Doing so requires a two-pronged approach:

  1. Employee Training
  2. Security Policies

Invest in employee training. It only takes one mistake by one employee to cost a business tens of thousands of dollars. Business owners must train employees to detect social engineering attacks and keep their staff up-to-date on new scams.

Your company can easily set security policies, but make sure you enforce them too. Instead of asking employees to create difficult passwords and change them regularly, use a password management program that gives employees no choice but to follow password protocol.

You can also hire a professional hacker to test the strength of your network and identify and address any problem areas. You can find qualified hackers through freelance job boards and choose a candidate based on their rate and reviews.

Business owners should also restrict an employee’s ability to use personal devices over business WiFi. While a bring-your-own-device policy may seem harmless and financially prudent on the surface, it poses a major security threat to small businesses. Additionally, endpoint detection and response software, which monitors activity on a network and records that information in a database, can also protect sensitive data.

Article written by Dean Burgess of for Quality Assurance Solutions. Article edited and posted by Quality Assurance Solutions.
