Phishing attacks are on the rise with more and more small and medium businesses at greater risk from hackers infiltrating company networks. 

To help your business to stay safe, below are four security tips to help employees identify phishing emails.

· Think before you click. Even if the message looks innocent, check for warning signs. Examples include: spelling mistakes, terminology that isn’t how your company would say it, software tools your company doesn’t use, and behaviors such as changing any settings.

· Check with the sender if you aren’t sure. But never check by replying to the email to ask if it’s genuine – you will get the answer “Yes” either way, because a legitimate sender would tell the truth, but a crook would lie. Use a corporate directory accessible via trustworthy means to find a way to get in touch with a colleague you think has been impersonated.

· Take a careful look at links before you click. Many phishing emails contain text and images that are error-free. But the crooks often have to rely on temporary cloud servers or hacked websites to host their phishing web pages, and the subterfuge often shows up in the domain name they want you to visit. Don’t be tricked because a server name looks “close enough” – crooks often register near-miss names such as yourcompanny, yourc0mpany (zero for the letter O) or yourcompany-site, using misspellings, similar-looking characters or added text.

· Report suspicious emails to your IT security team. Do this every time, even though it feels like a thankless task. Phishing crooks don’t send their emails just to one person at a time, so if you’re the first in the company to spot a new scam, an early warning will let your IT department warn everyone else who might have received it too.

For more information about cybersecurity and compliance, please visit