The Phishing Expedition You Want to Avoid This Summer Take these 12 steps to avoid an undesired visitor to your company's information or personal data.

By Robert Siciliano Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

It's as easy for hackers to phish out your business' personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite.

Malware attacks have become more pronounced than ever against banks. A report "The Invisible Web Unmasked" notes that just from July to September 2013, more than 200,000 new attacks occurred. This was made possible, in part, by the decision makers at banks (and other businesses) who fail to instill an anti-phishing mind-set in employees.

Related: The Internet of Things: New Threats Emerge in a Connected World

Despite the threat of malware attacks, many businesses continue to fail to teach employees about phishing scams, a favorite and extremely prevalent scam of cybercriminals.

One type of phishing scam is to lure a user onto a malicious website. ZeuS (Zbot) is such an example, planted on websites. If a user visits that site, it will download a virus onto a device that will steal the user's online banking information, then forward it to a remote server, where the thief can obtain it.

But that ingenuity is contingent upon an individual's being gullible enough to open a phishing email and then click on the link to the malicious site.

And who are these gullible users? Probably someare your employees. One report by the security training firm ThreatSim says that 18 percent of phishing emails are opened on the job, Eweek reported. People in the workplace are being lured into clicking on a malicious link.

Though some of this might arise when employees are fiddling around with personal affairs on the company computer or mobile device, sometimes this clicking is done because the employee believes that an email is business related.

Decision makers should mandate monthly training sessions for employees to make them phishing-proof.

Without training sessions, employees will be led to believe that their company routinely communicates urgent information to them via emails with links. According to a recent report, one particular phishing operation netted a 27 percent click-response rate.

Another factor in the likeliness that a business's device will become infected is if it has outdated versions of commonly used software such as Adobe Acrobat and Microsoft Silverlight.

Even if you believe that your company's phishing attacks are minimal, a small amount of this type of cyber assault can result in significant costs to a company, involving such things as cleaning up the damage, plus employee downtime during the operation:

Employees should be cautious about the following, according to the Anti-Phishing Working Group:

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

1. Be careful about email from an unfamiliar sender. If it's earthshaking news, notified will probably come in person or via a voice phone call.

2. Don't trust an email from an employee that requests personal information, particularly financial data, or to donate to a charity. Even if the message contains the name and logo of the business's bank, phone the bank and inquire about the email.

3. Be suspicious of an email requesting credit card information, a password or a username.

4. Be wary of an email subject line that's of an urgent nature, particularly if it concludes with an exclamation point. Never rush to click on an email no matter how urgent the subject line appears.

5. Consider never clicking on links in emails. To visit a site, do a web search to find it.

6. Use a password manager to access online statements instead of clicking on the links in estatements.

7. Keep the computer browser up-to-date.

8. If a form inside an email requests personal information, enter delete to chuck the email.

9. Use the most up-to-date versions of Chrome, Internet Explorer and Firefox offer optional anti-phishing protection.

10. Check out special toolbars that can be installed in a web browser to help guard a user from malicious sites. This toolbar provides fast alerts when it detects a fraudulent site.

11. Use anti-spyware, antivirus and anti-phishing software and a firewall.

12. Stay out of the spam folder. Most phishing attempts end up in spam and lots of fish get caught there.

Related: Cybersecurity Basics: Surf the Web Safely With These Browsers

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Devices

Business Owners are Grabbing as Many of These MacBooks as They Can

The Touch Bar is uniquely suited to the multitaskers, and it's only $399.99

Thought Leaders

10 Things I Wish I Knew Before I Took My Company Public

What I wish I would have known through the many turmoils of experience that lead to necessary wisdoms for company survival.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Business News

Uber's CEO Says Drivers Have About 10 Years Left Before They Will Be Replaced

Uber CEO Dara Khosrowshahi says the jobs of human drivers are safe for the next decade, but after that, another type of driver will take over.

Business News

Elon Musk's DOGE Is Hiring People Eager to 'Work Long Hours' to Eliminate 'Waste, Fraud and Abuse' in the Government. Here's How to Apply.

The Department of Government Efficiency is hiring U.S. citizens to help cut spending and headcounts in the federal government.

Business News

'Everyone Can Profit From It': What Is DeepSeek? China's 'Cheap' to Make AI Chatbot Climbs to the Top of Apple, Google U.S. App Stores

DeepSeek researchers claim it was developed for less than $6 million, a contrast to the $100 million it takes U.S. tech startups to create AI.