Gone Phishing

Working Together to Protect Data

While many tech companies employ safeguards around clients’ employee data, protecting this data is a shared responsibility between that technology and its clients. Reviewing and sharing these resources with your organization is a great way to help ensure you are doing everything you can to protect your data.

What is phishing?

Phishing is:

A type of attack that affects all individuals and organizations that utilize the internet.
Delivered via email or other messaging services.
Trying to persuade you to log into or visit a malicious site, open an infected attachment, or perform an action.
Impersonating someone you trust, such as a vendor you currently do business with or a co-worker at your organization.

If you’re working with one or several technology partners, its best to keep an eye out for phishing attempts posing as these partners, especially when those partners have access to sensitive client information. It is important to remember that a phishing attack can come from anyone at anytime.

For more information on phishing, our team recommends reviewing and sharing this newsletter with your employees.

How do I protect myself, my organization, and my employee data from phishing?

Recognizing a phishing attack is the first step to defending yourself against it. Some common clues include:

Appearing to come from a trusted vendor, but uses poor grammar or personal email addresses like @gmail.com.
Pressuring you to bypass or ignore your policies or procedures at work with a sense of urgency.
Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know.

If you are ever in doubt, contact the sender via another form of communication and ask them to validate if they sent the email. For Netchex clients, this can be easily done by contacting our support team or reaching out to our Information Security Team at [email protected]

What does Netchex do to help protect against phishing?

Netchex employees are conditioned to recognize phishing utilizing newsletters, training, and simulated phishing tests throughout the year.

The Netchex Information Security Team also employs an incident response process for any report from our clients of someone trying to impersonate Netchex. In a previous phishing attempt,our team had the offending site taken down within 5 hours of opening our incident response process and detailed alerts out to all clients across multiple channels within 24 hours. It is one of our team’s top priorities to make sure you have the information you need to protect yourself and your organization.

Have more questions or concerns?

If you’re a Netchex client, please contact our Netchex Information Security Team at [email protected] with any additional questions or concerns you may have about phishing or security at Netchex. And if you would like more information on all the Netchex safeguards already in place to keep your data safe, take a look at our Netchex Data Security Whitepaper.