The third part of a business plan that protects against phishing scams uses technology to protect employees. The emails that lead to phishing scams often come from domains that are not based inside the United States. Investing in a spam filter that blocks emails received from such domains will allow a business to protect employees. Blocking domains associated with countries such as Russia or North Korea from sending emails will help prevent employees from receiving phishing emails. In addition to blocking entire countries from sending emails to employees, a business should block individual email senders as their phishing emails are received.
Employees should notify the business any time they receive a phishing email so the sender can be added to the blacklist. Working to block senders as part of an ongoing IT strategy will help build the defenses over time. In addition to building a blacklist of addresses over time, a business can use two-factor authentication to help protect data.
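The two filtering rules described above (country-domain blocking and a sender blacklist that grows from employee reports) can be sketched as follows. This is an added example, not code from the original post; the `SenderFilter` class, its method names, the verdict strings and the sample messages are all constructed for illustration, and it assumes the sender is taken from the From header.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed policy for illustration: country-code domains for Russia and North Korea.
BLOCKED_CCTLDS = {"ru", "kp"}

# Constructed sample messages (not real mail).
SAMPLES = {
    "country": "From: Billing <invoice@mail.example.ru>\nSubject: Invoice\n\nbody",
    "phish": 'From: "IT Help Desk" <Reset@Example.COM>\nSubject: Password\n\nbody',
    "partner": "From: partner@example.org\nSubject: Hello\n\nbody",
    "nofrom": "Subject: no sender header\n\nbody",
}


class SenderFilter:
    """Hypothetical filter: country-domain rule plus a reported-sender blacklist."""

    def __init__(self, blocked_cctlds=BLOCKED_CCTLDS):
        self.blocked_cctlds = {t.lower() for t in blocked_cctlds}
        self.blocked_senders = set()

    @staticmethod
    def sender_address(raw_message):
        """Return the lower-cased address from the From header, or ''."""
        msg = message_from_string(raw_message)
        _name, addr = parseaddr(msg.get("From", ""))
        return addr.strip().lower()

    def report_phish(self, raw_message):
        """Employee report: add the message's sender to the blacklist."""
        addr = self.sender_address(raw_message)
        if addr:
            self.blocked_senders.add(addr)
        return addr

    def verdict(self, raw_message):
        """Apply the blacklist first, then the country-domain rule."""
        addr = self.sender_address(raw_message)
        if "@" not in addr:
            return "block: no usable sender address"
        if addr in self.blocked_senders:
            return "block: reported sender"
        domain = addr.rsplit("@", 1)[1].rstrip(".")
        if domain.rsplit(".", 1)[-1] in self.blocked_cctlds:
            return "block: country domain"
        return "allow"
```

The From header is set by the sender, so a production filter would apply the same rules to the envelope sender as well.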
Phishing scams try to get users to enter their email address and password so the scammer can gain access to the email account. Two-factor authentication can be used to protect employee accounts from scammers in the event an employee is tricked. When two-factor authentication is turned on, a text message is sent to the user’s phone any time a login attempt is made. If the scammer does not have access to the user’s phone, then losing the username and password does not by itself give the scammer access to the account.
Businesses that use spam filters to create blacklists of senders and two-factor authentication for employee access can prevent most phishing scams from causing harm. In a previous post, we discussed using insurance to protect the business. By putting these protective measures in place, a business will be able to reduce its insurance costs and comply with the requirements of the insurance companies.