How to protect your business from phishing attacks

Phishing scams are on the rise and are one of the most common cyber security threats. These scams trick users into handing over sensitive information, which is then used to gain access to protected data and files. The methods used are increasingly sophisticated, but fortunately there are ways to help safeguard you and your business from these attacks.

Phishing methods

Email link – an email is sent with a link that redirects you to an unsecure website, which requests sensitive information

Email spoofing – an email is created with a forged sender address, so it appears as a legitimate source, and a request for details is made such as usernames and passwords

Trojan – a malicious email attachment allows the cyber criminal to access your system and gain confidential and personal information

Telephone impersonation – confidential information is obtained by impersonating an IT department or well-known company

Tips to avoid phishing attacks

Educate your staff

New phishing techniques are coming out all the time, and many people are not aware of the dangers or what to look out for. Keep your staff up to date with all the tactics and conduct regular face-to-face training sessions to help staff recognise phishing emails and attacks.

Check Links

Ensure everyone within your organisation understands the risks involved in opening links from an untrustworthy source. Do not click on a link unless you have checked that it is from a reliable source. 


Credible companies, such as banks and Microsoft, will never ask for personal information (usernames, passwords, account numbers) through an email. Beware of poorly written emails, overuse of jargon or emails without contact details. If in doubt, end the call and then call them back to make sure it is a legitimate request.


Ensure all your computers are using the latest version of all software, including internet browsers. Many phishing attacks exploit systems that are not updated. 


There are many good reasons to use antivirus software. Install an enterprise-level AV solution, monitor its status regularly and ensure that it is kept up to date.

Web and spam filter

Use a web filter that blocks malicious websites and install a spam filter that can prevent malicious emails from reaching your employees' inboxes.


By using a desktop firewall as well as a network firewall, you will drastically reduce the risk of hackers infiltrating your systems.

Email authentication

Email authentication is a technical solution where your mail server checks that emails are not forged and then flags the emails accordingly or even rejects the messages.
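
The flag-or-reject decision described above, as an added example that is not part of the original article. It assumes your receiving mail server records its SPF, DKIM and DMARC checks in an Authentication-Results header under the hostname mx.example.org; the function names are hypothetical and the sample messages are constructed.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: hostname of our own mail server

# Constructed sample messages (not real mail).
FORGED = """\
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bank.example;
 dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: attacker.invalid; dmarc=pass header.from=bank.example
From: "Your Bank" <support@bank.example>
Subject: Verify your account

Please confirm your password.
"""
LEGIT = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Your Bank" <support@bank.example>
Subject: Monthly statement

Your statement is ready.
"""
SPOOFED_HEADER = """\
Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass
From: "IT Department" <it@corp.example>
Subject: Password reset

Reply with your username.
"""

def auth_results(raw):
    """Collect spf/dkim/dmarc results, but only from headers our server wrote."""
    results = {}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        server = authserv_id.split()[0].lower() if authserv_id.split() else ""
        if server != TRUSTED_AUTHSERV_ID:
            continue  # written by another host: the sender could have forged it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), set()).add(result.lower())
    return results

def verdict(raw):
    """Return 'reject', 'deliver' or 'flag' for one raw message."""
    dmarc = auth_results(raw).get("dmarc", set())
    if "fail" in dmarc:
        return "reject"   # the visible From domain did not authenticate
    if "pass" in dmarc:
        return "deliver"
    return "flag"         # no trusted DMARC result: warn the user
```

A message that only passes SPF or DKIM is still flagged here, because those checks alone do not prove that the address shown in the From line is genuine.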

Check accounts

Regularly check your online accounts for any suspicious activity.

All businesses are vulnerable to phishing attacks, but as a general rule: be cautious, be vigilant and use common sense.

For practical advice on IT security please contact us or call for a chat on 01603 451810.