We’ve talked about how to spot a phishing email and some of the common signs to be on the lookout for. Yet sometimes, even after being trained on what to look for and what not to do, we find ourselves saying ‘Oh no! I clicked on a phishing link!’ When that happens, the clock starts ticking. You must instantly take control of the issue to stop or limit the financial and reputational damage your organization may face.
I Clicked on a Phishing Link. What Do I Do?
There are several things that can happen after clicking on a phishing link. Malware may be installed on your device to spy on your activity or collect its sensitive data, your email contacts or basic information could be exploited, or a combination of these (and more) may occur.
Hopefully, your organization has a web filter to prevent phishing emails from getting through to the network, but in case they still get to you, there are some simple steps to take. If you find yourself inadvertently clicking on a phishing link, you can’t turn back the clock, but you can take specific actions to correct the mistake, like:
- Don’t panic – no one thinks clearly in this state of mind.
- Disconnect the device from the Internet or network straight away. This limits the amount of time the hacker has access to your computer remotely.
- If your company has a helpdesk, contact them, walk them through what happened, and follow their instructions. BT Partners’ Managed IT Services team provides trusted on-call support for IT issues that require immediate attention, like phishing emails and ransomware attacks, so you can stay focused on the core of your business.
- Change any online usernames and passwords in case they became compromised. Make sure to use strong passwords or passphrases that aren’t easily identifiable and are not ones you’ve used before in other places.
Of course, if your organization has its own protocol for handling what happens when you click on a phishing link, be sure to follow it. Once the incident is reported, your helpdesk or our Managed IT Services team will take additional steps to limit the harm, like scanning the system for malware, backing up data and important files, and running an assessment to determine what damage has been caused. The ‘Oh no, I clicked on a phishing link’ moment can become a non-issue if you follow our proactive steps noted above.
Education is Key
Phishing is one of the biggest threats to online security and, at the height of the Covid-19 pandemic, rose by 220% compared to annual averages. These types of cyberattack tactics aren’t going away anytime soon and will likely increase in volatility. That means businesses around the globe need to put measures in place to stop them or limit the amount of damage they cause.
One measure is through educating employees on how to protect against cyberattacks. For this to happen, executives need to prioritize cybersecurity issues and promote best practices from the top down.
Low security awareness among employees is the top barrier for organizations establishing effective defenses. We’ve found that a great method of defense is training that uses fun and engaging tools, like those provided by KnowBe4. KnowBe4 provides our clients with new-school security awareness training tailored specifically to your organization’s unique size and type of users. The primary focus is to educate staff and transform them into a ‘human firewall’, so they are armed with the tools and knowledge to fight against cyberattacks.
Your people are your first layer of defense, but they are also your biggest vulnerability. With 82% of data breaches involving a human element, we must work on getting buy-in from staff and educating them on how to identify, react to, and prevent social engineering attacks.
We are busy with multiple tasks and responsibilities, like chasing KPIs, building relationships, managing budgets, and more. We’ve got a lot going on, so sometimes that means hiring outside help who can provide on-demand interactive cybersecurity training. Trying to manage a security training program on your own is challenging, so why not outsource the work to the experts who can get a customized program set up in just a few minutes?
If you’re interested in learning more about phishing attacks and how you can defend your organization without compromising productivity so that it becomes more resilient overall, reach out to our Managed IT Services team.