Black Friday Sale! 50% Off All Access

The Phishing Expedition You Want to Avoid This Summer Take these 12 steps to avoid an undesired visitor to your company's information or personal data.

By Robert Siciliano Edited by Dan Bova

Entrepreneur+ Black Friday Sale

Our biggest sale — Get unlimited access to Entrepreneur.com at an unbeatable price. Use code SAVE50 at checkout.*

Claim Offer

*Offer only available to new subscribers

Opinions expressed by Entrepreneur contributors are their own.

It's as easy for hackers to phish out your business' personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite.

Malware attacks have become more pronounced than ever against banks. A report "The Invisible Web Unmasked" notes that just from July to September 2013, more than 200,000 new attacks occurred. This was made possible, in part, by the decision makers at banks (and other businesses) who fail to instill an anti-phishing mind-set in employees.

Related: The Internet of Things: New Threats Emerge in a Connected World

Despite the threat of malware attacks, many businesses continue to fail to teach employees about phishing scams, a favorite and extremely prevalent scam of cybercriminals.

One type of phishing scam is to lure a user onto a malicious website. ZeuS (Zbot) is such an example, planted on websites. If a user visits that site, it will download a virus onto a device that will steal the user's online banking information, then forward it to a remote server, where the thief can obtain it.

But that ingenuity is contingent upon an individual's being gullible enough to open a phishing email and then click on the link to the malicious site.

And who are these gullible users? Probably someare your employees. One report by the security training firm ThreatSim says that 18 percent of phishing emails are opened on the job, Eweek reported. People in the workplace are being lured into clicking on a malicious link.

Though some of this might arise when employees are fiddling around with personal affairs on the company computer or mobile device, sometimes this clicking is done because the employee believes that an email is business related.

Decision makers should mandate monthly training sessions for employees to make them phishing-proof.

Without training sessions, employees will be led to believe that their company routinely communicates urgent information to them via emails with links. According to a recent report, one particular phishing operation netted a 27 percent click-response rate.

Another factor in the likeliness that a business's device will become infected is if it has outdated versions of commonly used software such as Adobe Acrobat and Microsoft Silverlight.

Even if you believe that your company's phishing attacks are minimal, a small amount of this type of cyber assault can result in significant costs to a company, involving such things as cleaning up the damage, plus employee downtime during the operation:

Employees should be cautious about the following, according to the Anti-Phishing Working Group:

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

1. Be careful about email from an unfamiliar sender. If it's earthshaking news, notified will probably come in person or via a voice phone call.

2. Don't trust an email from an employee that requests personal information, particularly financial data, or to donate to a charity. Even if the message contains the name and logo of the business's bank, phone the bank and inquire about the email.

3. Be suspicious of an email requesting credit card information, a password or a username.

4. Be wary of an email subject line that's of an urgent nature, particularly if it concludes with an exclamation point. Never rush to click on an email no matter how urgent the subject line appears.

5. Consider never clicking on links in emails. To visit a site, do a web search to find it.

6. Use a password manager to access online statements instead of clicking on the links in estatements.

7. Keep the computer browser up-to-date.

8. If a form inside an email requests personal information, enter delete to chuck the email.

9. Use the most up-to-date versions of Chrome, Internet Explorer and Firefox offer optional anti-phishing protection.

10. Check out special toolbars that can be installed in a web browser to help guard a user from malicious sites. This toolbar provides fast alerts when it detects a fraudulent site.

11. Use anti-spyware, antivirus and anti-phishing software and a firewall.

12. Stay out of the spam folder. Most phishing attempts end up in spam and lots of fish get caught there.

Related: Cybersecurity Basics: Surf the Web Safely With These Browsers

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Making a Change

This All-Access Pass to Learning Is Now $20 for Black Friday

Unlock more than 1,000 courses to fit your schedule.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Health & Wellness

How to Improve Your Daily Routine to Strike a Balance Between Rest and Business Success

Here's how entrepreneurs can balance their time and energy to prevent burnout.

Business News

The Two Richest People in the World Are Fighting on Social Media Again

Jeff Bezos and Elon Musk had a new, contentious exchange on X.

Business News

Barbara Corcoran Says This Is the Interest Rate Magic Number That Will Make the Market 'Go Ballistic'

Corcoran said she praying for lower interest rates and people are "tired of waiting."

Money & Finance

Why Donald Trump's Business-First Policies Trump Harris' Consumer-Centric Approach

President Donald Trump's pro-business agenda is packed with policy moves encouraging investment to drive economic growth. The next Congress has a unique opportunity to support entrepreneurship and innovation, improving U.S. competitiveness with the rest of the world.