Protect your business against phishing

76% of organizations said they experienced phishing attacks in 2017.

why-need-2fa.png

Contrary to what Holywood would want you to believe, the most common and most effective form of “hacking” isn't done by a hooded malcontent feverishly typing at a keyboard, but rather so-called “Phishing”. If it reminds you of the word “fish”, you’d be correct.

Essentially an attacker puts out bait (fake messages) to catch fish - in this case, unsuspecting computer users. The attacker tries to trick people into sharing personal information or login credentials, or any information that could later be used to against them in future attacks.

Follow the steps below to protect yourself and your business against phishing.

1. Turn on 2-Step Verification

2-Step Verification (also known as two-factor authentication) adds an extra layer of security to your account. With 2FA enabled you’ll sign in to your account in two steps with:

  • Something you know (your password)
  • Something you have (your phone or a security key).

Even if your password is compromised, access to your account is still protected by the secondary layer.

Get started with 2-Step authentication on your account.

2. Activate DKIM

DomainKeys Identified Mail (DKIM) is an email authentication method designed to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

By enabling DKIM on your mail server it becomes much harder for an attacker to forge your email address and fool your clients or team members into thinking they are communicating with you. DKIM provides a means for email servers to verify that email was sent by you (and was not tampered with); it does this by using private and public encryption keys in much the same way online credit card transactions are secured.

DKIM requires an update to your domain’s DNS and to your G Suite server settings. If you are a G Suite subscriber, we will take care of implementation for you.

3. Report suspicious email

When Google identifies a suspicious email a warning message and option to move the email to the spam folder is displayed. You have full control over this process and can mark or unmark emails as phishing attempts.

4. Professional security audit on your domain

It’s critical to identify your organization’s unique risks in order to effectively optimize the security of your G Suite deployment. We help our clients with a free high-level security audit to ensure best practices are followed and your G Suite deployment is safe from unnecessary and preventable security risks.

Talk to us about a security audit for your G Suite domain.

Back to blog