According to a KnowBe4 phishing study, employees in the insurance, manufacturing and technology industries click phishing emails or open infected attachments more often than employees in other industries.
However, no industry is immune to phishing attacks. Use these practical tips to reduce your company’s risk and improve employee awareness.
1. Recognize spam
Phishing emails often pretend to be from a legitimate company to gather private information. These emails often:
- Originate from an unrecognized sender.
- Ask for confirmation of personal, financial or banking information.
- Contain a sense of urgency.
- Threaten legal action or other consequences if you don’t comply.
If you notice any of these signs, mark the email as spam and delete it.
2. Use secure websites
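Only share personal or financial information on sites that show a lock icon and an https URL. Avoid entering payment details on pages that lack these indicators. The lock icon and https show only that the connection is encrypted, not that the site is legitimate, so also confirm that the domain name in the address bar belongs to the company you intend to deal with.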
For businesses that handle online transactions or storefronts, consider protections tailored to online risks such as e-Commerce Security Insurance.
3. Carefully update information via email
Cybercriminals can duplicate company logos and formatting to look legitimate. Always verify the sender before responding or providing sensitive data, and when possible use the company’s official website or phone number instead of email for updates.
4. Avoid clicking unknown links, files and attachments
Attachments and links from unfamiliar senders may contain malware that can compromise devices and networks. Instruct employees to avoid opening unexpected attachments and to confirm requests through a separate channel.
5. Beware of pop-ups
Legitimate companies rarely request sensitive information via pop-up windows. Do not enter personal data into pop-ups or copy their web address into a browser without verifying the source.
6. Utilize IT security measures
Maintain a firewall, up-to-date anti-virus and anti-spyware software, and robust spam filtering on all company devices. Regular updates and timely patching reduce the chances that a phishing attack will succeed.
Smaller businesses can also review industry-specific protections and policies, for example Mail Haulers Insurance, to ensure operational risks are covered where relevant.
7. Hold frequent training
Regular cybersecurity training helps employees recognize evolving phishing tactics and reinforces reporting procedures. Simulated phishing tests and refresher sessions reduce human error over time.
Training may include coordination with outside security resources when appropriate, and businesses can review options such as Security Guards and Patrol Agencies Insurance as part of broader risk planning.
Phishing scams can harm your company now and into the future. In addition to considering cyber insurance and the technical steps above, if you’re unsure how to prioritize protections, talk to an agent.
Frequently Asked Questions
What is phishing?
Phishing is a type of scam where attackers impersonate trusted organizations to trick people into revealing personal or financial information.
How should employees report suspected phishing?
Employees should forward the suspicious message to their IT or security team and then delete it from their inbox.
Can anti-virus software prevent phishing?
Anti-virus and spam filters reduce risk but do not eliminate phishing; employee vigilance and secure procedures are also necessary.
How often should cybersecurity training occur?
Regular training—at least annually with periodic refreshers—is recommended to keep staff informed about new threats.