You are here: Blog Bloggers

Voyage Tech Blogs

Voyage Technology has been serving the Beaver Dam area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Print

How to Prepare Your Team to Fight Phishing

Voyage Technology Blog Security
0 Comments
How to Prepare Your Team to Fight Phishing

While last year saw a significant decrease in its number of data breaches, the number of records that were leaked doubled… and then some. Part of this can likely be attributed to a spike in the use of ransomware, indicating a resurgence in interest of the mean-spirited malware. This means that your business may very well see more ransomware infection attempts coming its way—the only question is, are your team members prepared for them?

To keep your business and its data sufficiently secured, it will be important to teach your team to effectively identify and avoid phishing. One effective way to do it: try and phish them yourself, via a phishing attack simulation.

How Does a Phishing Attack Work?

Let’s go through the basic process of a phishing attack, just as a quick review:

An attacker, posing as someone else, sends their victim a message making some promise or threat that somehow—either through fear or temptation—coerces their contact into reacting to it, usually by following a link or opening an attachment. This methodology allows such schemes to bypass many restrictions set by security protocols and solutions, as the vulnerability it takes advantage of is the human user.

Therefore, when it comes to defending against the phishing attempts that are virtually guaranteed to target your business at some point, your team members need to be prepared. Let’s discuss what you need to teach them, and how to best prepare them to make sure they’ll overcome any they encounter.

Phishing Lessons to Pass On

Remind Them How Hackers Think

It’s important that your users are cognizant of how clever hackers and scammers can be when it comes to their ruses, and how they often take advantage of current events and information. Many phishing attacks as of late have been themed around COVID-19, pertaining to updates, warnings, and offers of personal protective equipment.

Hackers will try to capitalize on user panic and knee-jerk reactions whenever they possibly can to keep these users from thinking before they act. Therefore, it makes sense to have users look more critically at their incoming messages to evaluate whether a message seems “phishy” or not.

Provide Signs of Problematic Links

A favorite tool of these hackers is that of the spoofed link—basically, a link to one website disguised as a link to another. Others will just use a URL that is different but looks passable enough to slip by unnoticed.

These domains can be tricky. Let’s look at a few red flags to keep an eye out for (in this case, the attacker using Amazon as a disguise):

If the email is from Amazon, a link should lead back to Amazon.com or accounts.amazon.com. If there is anything strange between “Amazon” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like amazon.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • amazon.com - Safe
  • amazon.com/activatecard - Safe
  • business.amazon.com - Safe
  • business.amazon.com/retail - Safe
  • amazon.com.activatecard.net - Suspicious! (notice the dot immediately after Amazon’s domain name)
  • amazon.com.activatecard.net/secure - Suspicious!
  • amazon.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

 Some of these things can be challenging to spot, so you and your users need to be extra careful about checking (and double-checking) links.

Give Safe Links to Use

Even better, you could provide your team members with the links they are expected to use when being directed to certain places by their clients, rather than using the links potentially given in an email. These trusted links can be a real lifesaver, particularly when it becomes apparent that an email was an attack that a trusted link has helped your team to avoid.

Enforce Password Practices and Processes

The security of your team’s collective password policies is important for you to address, as these passwords are often the keys to the castle that cybercriminals are phishing for. Therefore, you need to ensure that your team is not only using best practices but are also handling these passwords appropriately, using tools like two-factor authentication wherever applicable and being generally cautious.

Evaluating Their Preparedness

Finally, once you’ve taught them the signs and precautions, you need to make sure that you check their proficiency in following through. To do this, a phishing test is in order.

A phishing test is simply a phishing attack you run against your own business to help identify where your weaknesses are. By showing you which team members are susceptible to an attack, you can correct the vulnerability through training and other assistance.

What Makes a Successful Phishing Test?

To effectively run a phishing test, you should not inform your team that one is incoming—to do so would defeat the purpose of the evaluation. If you do, make sure you keep it vague and never specify when they should expect it—that way, you can avoid skewing your results.

However, you also need to keep basic ethics in mind. Being shady—like some companies have been concerning their phishing “evaluations” in the past (we’re looking at you, GoDaddy)—will not help your security. You want to communicate trust with your team, and hope it is reciprocated.

As for your other security needs, lean on Voyage Technology for assistance. Give us a call at 800.618.9844 to learn more.

Tweet
Tags:
Phishing Cybersecurity Best Practices
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 06 May 2026

Captcha Image

Sign Up For Our Newsletter!

Blog Categories

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Technology Tip of the Week Best Practices Data Business Computing Business Productivity Software Innovation Hackers Cloud Efficiency Hardware Network Security User Tips Internet IT Services Malware Phishing IT Support Google Privacy Email Workplace Tips Computer Workplace Strategy Hosted Solutions Collaboration Backup Small Business Users Ransomware AI Managed Service Mobile Device Productivity Microsoft Passwords Quick Tips Saving Money Communication Cybersecurity Data Backup Smartphone Disaster Recovery Data Recovery Android VoIP Upgrade Smartphones Business Management Mobile Devices communications Windows Social Media Browser Microsoft Office Managed IT Services Current Events Network Tech Term Internet of Things Remote Information Miscellaneous Holiday Facebook Automation Artificial Intelligence Gadgets Compliance Cloud Computing Covid-19 Training Outsourced IT Server Managed Service Provider Remote Work IT Support Spam Encryption Employee/Employer Relationship Office Windows 10 Business Continuity Government Data Management Bandwidth Blockchain Vendor Wi-Fi Windows 10 Business Technology Virtualization Apps Managed Services Data Security Mobile Office Two-factor Authentication Budget Employer-Employee Relationship Voice over Internet Protocol Apple Networking App BYOD Mobile Device Management Gmail WiFi Tip of the week Chrome Conferencing Password Managed IT Services How To Hacker BDR Avoiding Downtime Marketing HIPAA Computing Physical Security Applications Information Technology Access Control Office 365 Retail Storage Bring Your Own Device Healthcare Computers Website Operating System Router Virtual Private Network Risk Management Health Help Desk Analytics Office Tips Big Data 2FA Augmented Reality Excel Managed IT Service Telephone Scam Remote Workers Data loss Customer Service Cooperation Going Green Patch Management Free Resource Project Management Save Money Windows 7 Remote Monitoring Vulnerability End of Support Vendor Management Microsoft 365 Cybercrime Solutions Firewall Display Printer Paperless Office Infrastructure The Internet of Things Monitoring Windows 11 Document Management Social Video Conferencing Managed Services Provider Virtual Machines Maintenance Professional Services Antivirus Customer Relationship Management Sports Downloads Mouse Licensing Entertainment Administration Hacking Presentation iPhone Vulnerabilities Wireless Technology Telephone System Data Privacy Robot Cost Management Settings Images 101 Printing Wireless Multi-Factor Authentication Mobility Content Filtering Word IT Management VPN YouTube Meetings Cryptocurrency User Tip Modem Employees Processor Computer Repair Mobile Security Integration Safety Virtual Desktop Data storage LiFi Smart Technology Outlook Holidays Machine Learning Data Storage Money Saving Time Humor Supply Chain Hacks Server Management IBM Employer/Employee Relationships Outsourcing Scary Stories Private Cloud Identity PCI DSS Superfish Bookmark Identity Theft Smart Tech Navigation Fun Twitter Alerts Gig Economy Deep Learning Download Workplace Teamwork Hiring/Firing Error Internet Service Provider Regulations Compliance Browsers Education Connectivity Evernote Paperless Social Engineering Break Fix Remote Computing Memes Upload Competition Co-managed IT Mobile Computing Social Network SQL Server Technology Care Multi-Factor Security Net Neutrality Financial Data History Tablet IoT Business Communications Search Dark Web Alert Smartwatch IT Best Practice Trends Scams Procurement Managed IT Customer Resource management Azure Hybrid Work Buisness File Sharing Regulations User Dark Data Google Calendar Telework Legal Data Analysis Cyber security IT solutions Star Wars Tech Human Resources How To Microsoft Excel Cables Notifications Staff CES Communitications Business Growth Gamification Supply Chain Management IP Address Travel Social Networking Legislation FinTech Techology Fileless Malware Google Maps Term Google Apps Cortana IT Maintenance Wearable Technology IT Assessment Alt Codes Content Flexibility Health IT Value Business Intelligence Downtime Unified Threat Management Motherboard Recovery Comparison Organization Unified Threat Management Directions Hosted Solution Assessment Hard Drives Shortcuts Permissions Ransmoware Digital Security Cameras Smart Devices Typing Domains Remote Working Memory Vendors Network Congestion Specifications Google Drive User Error Microchip Data Breach Internet Exlporer Refrigeration Google Play Be Proactive Knowledge Fraud Workforce Videos Electronic Health Records Username Public Speaking Lithium-ion battery Wasting Time Threats Point of Sale 5G Black Friday Google Docs Trend Micro Unified Communications Database Security Cameras Workplace Strategies Experience Entrepreneur Meta Running Cable Tech Support IT Technicians Software as a Service Bitcoin Network Management Google Wallet Proxy Server Managing Costs Amazon Cookies Monitors Cyber Monday eCommerce Tactics Undo SSID Hotspot Virtual Assistant Outsource IT Laptop Websites Mirgation Surveillance Windows 8 Drones Virtual Machine Environment Nanotechnology Media Reviews SharePoint Addiction Medical IT Electronic Medical Records Language Management Transportation Small Businesses Halloween Chatbots Development Lenovo Hypervisor Displays Screen Reader Application Writing Distributed Denial of Service Virtual Reality Computing Infrastructure Shopping Optimization Service Level Agreement PowerPoint

Blog Archive

2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015