Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Prepare Your Team to Fight Phishing


While last year saw a significant decrease in the number of data breaches, the number of records leaked more than doubled. Part of this can likely be attributed to a spike in the use of ransomware, indicating a resurgence of interest in this mean-spirited malware. This means that your business may very well see more ransomware infection attempts coming its way. The only question is: are your team members prepared for them?

To keep your business and its data sufficiently secured, it will be important to teach your team to effectively identify and avoid phishing. One effective way to do it: try and phish them yourself, via a phishing attack simulation.

How Does a Phishing Attack Work?

Let’s go through the basic process of a phishing attack, just as a quick review:

An attacker, posing as someone else, sends their victim a message making some promise or threat that somehow—either through fear or temptation—coerces their contact into reacting to it, usually by following a link or opening an attachment. This methodology allows such schemes to bypass many restrictions set by security protocols and solutions, as the vulnerability it takes advantage of is the human user.

Therefore, when it comes to defending against the phishing attempts that are virtually guaranteed to target your business at some point, your team members need to be prepared. Let’s discuss what you need to teach them, and how best to prepare them to overcome any attempt they encounter.

Phishing Lessons to Pass On

Remind Them How Hackers Think

It’s important that your users are cognizant of how clever hackers and scammers can be when it comes to their ruses, and how they often take advantage of current events and information. Many phishing attacks as of late have been themed around COVID-19, pertaining to updates, warnings, and offers of personal protective equipment.

Hackers will try to capitalize on user panic and knee-jerk reactions whenever they possibly can to keep these users from thinking before they act. Therefore, it makes sense to have users look more critically at their incoming messages to evaluate whether a message seems “phishy” or not.

Provide Signs of Problematic Links

A favorite tool of these hackers is that of the spoofed link—basically, a link to one website disguised as a link to another. Others will just use a URL that is different but looks passable enough to slip by unnoticed.

These domains can be tricky. Let’s look at a few red flags to keep an eye out for (in this case, the attacker using Amazon as a disguise):

If the email is from Amazon, a link should lead back to Amazon.com or accounts.amazon.com. If there is anything strange between “Amazon” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like amazon.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • amazon.com - Safe
  • amazon.com/activatecard - Safe
  • business.amazon.com - Safe
  • business.amazon.com/retail - Safe
  • amazon.com.activatecard.net - Suspicious! (notice the dot immediately after Amazon’s domain name)
  • amazon.com.activatecard.net/secure - Suspicious!
  • amazon.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

 Some of these things can be challenging to spot, so you and your users need to be extra careful about checking (and double-checking) links.
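The rule of thumb above can also be applied mechanically, for example in a mail-triage script. The following Python sketch is an added example, not code from the original article; the function names `check_link` and `triage` are hypothetical, and the sample URLs are the ones listed in the article.

```python
from urllib.parse import urlsplit

def check_link(url, claimed_domain="amazon.com"):
    """Return (is_safe, reason) for a link in a message that claims to come
    from claimed_domain, following the article's rule of thumb."""
    # The article's examples carry no scheme; add one so urlsplit finds the host.
    if not urlsplit(url).netloc:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    claimed = claimed_domain.lower()

    # The host must BE the claimed domain or END with ".<claimed domain>".
    if host != claimed and not host.endswith("." + claimed):
        if host.startswith(claimed + ".") or ("." + claimed + ".") in host:
            return False, f"'{claimed}' is not the end of the host name: {host}"
        return False, f"host {host} does not belong to {claimed}"

    # Article's rule: do not trust dots after the domain, even in the path.
    # This is deliberately strict and will also flag paths such as /index.html.
    if "." in parts.path:
        return False, f"dot after the domain, in path {parts.path}"
    return True, f"host {host} belongs to {claimed}"

# URLs taken from the article's list and text.
ARTICLE_EXAMPLES = [
    "amazon.com",
    "amazon.com/activatecard",
    "business.amazon.com",
    "business.amazon.com/retail",
    "amazon.com.activatecard.net",
    "amazon.com.activatecard.net/secure",
    "amazon.com/activatecard/tinyurl.com/retail",
    "amazon.com.mailru382.co/something",
]

def triage(urls, claimed_domain="amazon.com"):
    """Map each URL to True (safe) or False (suspicious)."""
    return {u: check_link(u, claimed_domain)[0] for u in urls}

if __name__ == "__main__":
    for u in ARTICLE_EXAMPLES:
        safe, reason = check_link(u)
        print(f"{'Safe' if safe else 'Suspicious!':12} {u}  ({reason})")
```

The check compares the end of the host name, which is why `amazon.com.activatecard.net` fails even though it begins with the trusted name.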

Give Safe Links to Use

Even better, you could provide your team members with the links they are expected to use when being directed to certain places by their clients, rather than using the links potentially given in an email. These trusted links can be a real lifesaver, particularly when it becomes apparent that an email was an attack that a trusted link has helped your team to avoid.

Enforce Password Practices and Processes

The security of your team’s collective password policies is important for you to address, as these passwords are often the keys to the castle that cybercriminals are phishing for. Therefore, you need to ensure that your team is not only using best practices but is also handling these passwords appropriately, using tools like two-factor authentication wherever applicable and being generally cautious.

Evaluating Their Preparedness

Finally, once you’ve taught them the signs and precautions, you need to make sure that you check their proficiency in following through. To do this, a phishing test is in order.

A phishing test is simply a phishing attack you run against your own business to help identify where your weaknesses are. By showing you which team members are susceptible to an attack, the test lets you correct the vulnerability through training and other assistance.

What Makes a Successful Phishing Test?

To effectively run a phishing test, you should not inform your team that one is incoming—to do so would defeat the purpose of the evaluation. If you do, make sure you keep it vague and never specify when they should expect it—that way, you can avoid skewing your results.

However, you also need to keep basic ethics in mind. Being shady—like some companies have been concerning their phishing “evaluations” in the past (we’re looking at you, GoDaddy)—will not help your security. You want to communicate trust with your team, and hope it is reciprocated.

As for your other security needs, lean on Voyage Technology for assistance. Give us a call at 800.618.9844 to learn more.

 
