While there are too many types of cyberattacks for business owners to stay on top of throughout their daily lives, they’ve more than likely come across phishing scams in their inboxes at some point or another. Phishing scams are designed to steal information or install malware on devices or desktop PCs. Scammers can be very clever with their phishing techniques. Sometimes, even the best of us fall victim to these attacks. When we do, these scams can deliver significant damage to our businesses.
The bad news is phishing attacks aren’t going away anytime soon. The total number of phishing sites detected in Q3 2019 was 266,387 — an increase of 46 percent from Q2 2019, according to a new phishing activity trends report published by Anti-Phishing Working Group (APWG), an international coalition dedicated to unifying the global response to cybercrime across various industries.
If you think you’ve been phished, don’t panic. Stay calm. Core Vision has helped dozens of clients deal with these threats – both before they cause damage and after a calamity. We’ll show you the actions that you, as a business owner or manager, can take to minimize the attack’s damage to your company’s systems, networks, and data.
Disconnect your device or PC from the internet pronto
Immediately disconnect from the internet to prevent malware from spreading to other devices on your network.
Now, there are a couple of ways to do this. If you’re using a wired connection, which is probably the case if you’re using a desktop PC at work, unplug the internet cable (it’s more than likely in the back of the computer tower). However, if you’re using a laptop, you’re probably connected to the internet via WiFi. Access your computer’s WiFi settings to disconnect from the network you’re on.
Scan your software for malware
Here’s where having immediate access to an IT professional comes in handy. The only way to find out if malicious code has infiltrated your networks and systems is to scan for it. However, this isn’t always easy to do, especially if you’re not a security expert. If you don’t have an IT professional on your payroll or a contract in place with an outsourced IT provider, you’re going to have to do a little work on your end.
We recommend performing a full system scan with your antivirus software. When you do this, make sure you’re still offline and disconnected from the internet (even if your software recommends you reconnect to the internet).
Change your usernames and passwords
One of the most important actions you must take after discovering you’ve handed over your credentials to a fraudulent website is changing your usernames and passwords. This is a critical step to ensuring cybercriminals can’t gain access to your company’s data.
Here’s something key to remember: Don’t use the same credentials for multiple platforms, as you don’t want to make it easier for hackers to get to your information. This will also protect you if one of the platforms suffers a data breach, which is more common than ever.
Back up your files
Phishing attacks can destroy data. The best way to protect your company’s data from any cyberattack is to perform routine backups (which you can set and forget with various types of backup and disaster recovery products. But if you haven’t backed up your data recently, and you’ve just been phished, we suggest you disconnect from the internet and back up your data now.
Backing up your data protects you from the attack delivering additional damage. Depending on what’s available to you, you can back up your company’s data to external hard drives or numerous cloud-based storage options, which are relatively inexpensive, unless you’re backing up large amounts of data.
The likelihood of you or one of your employees falling for a phishing scam is high. However, with the right strategies in place, you can mitigate immediate damages, prevent further harm and continue conducting business as usual.
If you’d like to learn more about how to prevent these attacks, please contact us or read this article for more information.