To breach your bank's security, scammers may send phishing emails to your bank employees. To protect your assets and your reputation, you need to make sure that your staff knows how to identify and avoid phishing emails. Take a look at these five essential tips.
1. Use Antivirus and Email Filters
For your first line of defense, make sure you have adequate security software in place. Ideally, you should have antivirus software and email filters that can detect and filter phishing attempts before your employees ever see them. Make sure you update these tools on a regular basis. Developers are constantly improving the security of antivirus software, and if you don’t update regularly, you miss out on key security tools.
2. Train Employees Not to Click Links or Open Attachments from Unknown Entities
Unfortunately, even the best software will not find every phishing attempt. Your employees also need to know how to be careful online. Some phishing emails try to convince the recipient to share sensitive information, but a lot of phishing emails contain malware. If the employees of your financial institution open an infected attachment or click on the wrong link, adware, bots, bugs, Trojan horses, viruses, or other malicious programs may be downloaded onto their computers.
Depending on the nature of the program, it may steal usernames and passwords, sensitive information from your employees or customers, or a variety of other details. In some cases, you will know right away that the malware has been downloaded onto your computers. For instance, if ransomware is on your bank’s computers, you will likely get a message immediately asking for ransom. But in other cases, the malware can steal information from your system for weeks or months before you discover the breach.
3. Emphasize the Importance of Looking Closely
Often, your employees can immediately tell that an email is from a stranger, but sometimes, it can be very difficult to spot a fraudulent email. Scammers get more sophisticated by the day, and savvy scam artists tend to do research before sending phishing emails.
They may send your employees an email that appears to be from one of your customers or vendors. They may even send emails that appear to be internal. For instance, a lower-level bank employee may receive a message which appears to be from a branch manager, but really, it’s from a scammer phishing for information. Your employees need to be vigilant about checking email addresses very closely, so they can see where the message originated.
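The address check described above can also be automated as a warning for staff. The following is an added example, not part of the original article: a short Python sketch that flags a message whose display name matches a staff member while the address is external, whose domain is a near-miss of the bank's domain, or whose Reply-To points elsewhere. The domain `examplebank.test`, the staff name, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the bank's mail domain and known staff display names.
INTERNAL_DOMAIN = "examplebank.test"
STAFF_NAMES = {"dana reyes"}  # constructed name

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(raw_message):
    """Return a list of reasons the visible sender looks suspicious."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    warnings = []
    # A familiar internal name attached to an outside address.
    if name.strip().lower() in STAFF_NAMES and domain != INTERNAL_DOMAIN:
        warnings.append("display name matches staff but address is external")
    # A domain one or two characters away from the real one.
    if domain != INTERNAL_DOMAIN and 0 < edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        warnings.append("look-alike of internal domain")
    # Replies would go to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        warnings.append("Reply-To domain differs from From domain")
    return warnings

# Constructed sample messages (not real emails).
SPOOFED = ("From: Dana Reyes <dana.reyes@examp1ebank.test>\n"
           "Reply-To: dana.reyes@mailbox.test\n"
           "Subject: Urgent request\n\nPlease send the customer list.")
GENUINE = ("From: Dana Reyes <dana.reyes@examplebank.test>\n"
           "Subject: Branch schedule\n\nSee you Monday.")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_warnings(raw))
```

The From header is chosen by the sender, so a check like this supplements, rather than replaces, the SPF, DKIM and DMARC validation performed by the mail gateway.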
4. Share Examples of Phishing Emails
So that your employees know what to look for, consider showing them examples of phishing emails. Keep old phishing emails that you have received and show them to current employees. Consider making them part of your training materials when you hire new employees. On top of that, also look for examples in other places.
If you are in a network with other banks, ask them to share copies of phishing emails they have received. Also, consider checking out online databases of phishing emails. For instance, Cornell University publishes phishing emails in its Phish Bowl, while UC Berkeley publishes phishing emails in its Phish Tank.
5. Hold Phishing Drills
To ensure your financial institution’s employees are absorbing the online security education you’re providing, consider holding drills. Essentially, you send your employees fake phishing emails, and you gauge their ability to spot the issue. Companies such as Gophish and KnowBe4 can help with this process.
If your employees fall prey to one of your drills, don’t alienate them by focusing on what they did wrong. Instead, identify areas for improvement. Then, when you hold another training class or send out a memo on how to avoid phishing, you can incorporate a new set of useful tips.
Educating your employees about security risks is key, but you also need the right security software and tools. To learn more about security software for your bank, credit union, or other financial institution, contact us today. At SQN Banking Solutions, we make fraud protection easy for our clients.