We have all heard about the problems that can occur when an employee clicks on a malicious link within an email. Perhaps you have even experienced it in your business.
Maybe it was an honest mistake. Maybe it was careless. Maybe they didn't know any better. But regardless of the reason, justified or unjustified, the action can put your business ... out of business.
It used to be that accidentally clicking on a malicious link would result in you being put on a mailing list, your computer being hijacked to a porn site, a credit card number being stolen, or any number of problems from a virus being inserted into your system. Typically these events didn't put your business at real risk of a catastrophic problem. But that has changed recently.
Yes, the world of computer hackers has taken a truly evil turn. What has made this possible? Three things. The first is the common availability of encryption that is nearly impossible to decode and can be used against you. The second is the common availability of cryptocurrency, which provides a means for hidden and non-trackable financial transactions. The third? It's the ingenuity of criminals in putting these items together to create an electronic extortion scheme.
There have been many articles by others that describe how to help protect yourself against this major computer hacking problem. Backups that are not connected to your computer. Security programs. And education to not click on those links.
Yes, proper backups and security programs will help in the event that you get hacked and your data encrypted. It's great if you are able to restore your old system with a non-encrypted (i.e. pre-hijacked) version of your computer data. But what is even better is to never get hacked in the first place.
Yes, employees are often the weakest link in this protection. As was said previously, they may click on a malicious link either because they were tricked successfully, didn't pay attention to the risks or just didn't care. Regardless, it becomes your responsibility to fix the system after this event. That is costly and may not solve the issue, even if you pay the ransom.
So it's important to try to stop this before you get hacked and your data is held for ransom. It's important to educate your employees not to click on links in emails. They should always go directly to the requested web page WITHOUT using the link: use the address that you know and type it into your browser yourself. Links in an email are 100% off-limits.
You can use a variety of different enticements and educational tricks to make your employees aware of the risk, but how do you reinforce the lesson when they least expect it? How do you reinforce it in a way that will teach them a valuable lesson?
Perhaps creating your own "malicious" links is the answer.
You can create various emails that look official for your business and have a link within them, with instructions for your employee to click on the link for some function. Then create a dummy web page that educates the employee that they did not follow their training. Let them know that their action could have put the business in jeopardy. The realization of this can "jolt" the employee with the knowledge of their security failure. In addition, it may be possible to have you or your I.T. department notified of the employee's breach, so you can then reinforce their training in a personal manner.
There is not a stronger teacher ... than failure. In this case, the failure to follow the "no click links" policy can be reinforced by tricking the employee into doing just that ... clicking an unknown link. The pit in their stomach when they see that "You have been hacked" message provides strong emotional (negative) feedback, which will help highlight, and reinforce, the policy while not exposing yourself to a real cyber threat.
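A minimal sketch of such a dummy training page with notification, added here as an example and not WCRM's own code: each emailed link carries a signed per-employee token, so a click can be attributed and logged for I.T. follow-up without putting an email address in the URL. The secret, roster, query parameter `t`, port and function names are all assumptions.

```python
import hashlib, hmac
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

SECRET = b"constructed-demo-key"  # assumption: use a long random secret
# Constructed roster: only the opaque id appears in the emailed link.
ROSTER = {"e1001": "alice@example.com", "e1002": "bob@example.com"}
CLICKS = []  # in-memory log; a real deployment would alert I.T. here

def make_token(campaign, emp_id):
    """Build the value for ?t= in one employee's link (campaign has no dots)."""
    mac = hmac.new(SECRET, f"{campaign}:{emp_id}".encode(), hashlib.sha256)
    return f"{campaign}.{emp_id}.{mac.hexdigest()[:32]}"

def record_click(token):
    """Log and return the employee for a valid token; None if forged/unknown."""
    parts = token.split(".")
    if len(parts) != 3 or parts[1] not in ROSTER:
        return None
    expected = make_token(parts[0], parts[1])
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return None  # a guessed or altered token cannot implicate a colleague
    CLICKS.append({"campaign": parts[0], "employee": ROSTER[parts[1]],
                   "time": datetime.now(timezone.utc).isoformat()})
    return ROSTER[parts[1]]

def training_page():
    return ("<html><body><h1>This was a training exercise</h1>"
            "<p>You clicked a link in an email. A real malicious link could "
            "have put the business in jeopardy.</p>"
            "<p>Type the address you know into your browser instead.</p>"
            "</body></html>")

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        token = parse_qs(urlparse(self.path).query).get("t", [""])[0]
        record_click(token)  # same page either way: validity is not revealed
        body = training_page().encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Mail scanners and link-preview features may fetch the link before the employee does, so a logged click is a prompt for a conversation rather than proof.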
It's all about helping your employees understand that it could happen to them. After all...it just did.
WhiteCoat Risk Management (WCRM) is a physician-owned risk management brokerage which provides these articles to help improve general risk awareness in all aspects of your life. WCRM is not responsible for any actions you take or fail to take regarding any aspect of your financial planning or risk management. This article is provided for information purposes and is not intended to provide individualized advice. You alone are responsible for your decisions.
Visit or contact WhiteCoat Risk Management at www.WhiteCoatRiskManagement.com or join us on Facebook at https://www.facebook.com/WhiteCoatRisk/