Developing an Effective Damage Control Phishing Plan for your Business

Phishing attacks could prove fatal for your business. That is, if you don’t have the right precautions in place and you don’t develop some form of ‘damage control plan’ in case the worst should happen.

There are some key things you can do to initially prevent an attack on your business. These include:

  • Informing staff how to respond to a suspicious email (report it, delete it, don’t open it, don’t reply to it, etc.)
  • also recommends using a good spam filter, and keeping your browser updated. They say, “Most phishing messages are easily detectable by a good spam filter and should not even hit your inbox. But beware! Even the best filters can be tricked by the phishers sometimes.”
  • If you are taken to a website, make sure you check its security certificate. says, “Any site that collects personal data should be using a digital security certificate. A digital security certificate will appear as a small lock in the address bar of your web browser. Click on it and it will verify the name of the company that owns that certificate.”

If the worst does happen and hackers somehow manage to infiltrate your business, getting hold of key information about customers, data, bank details and so on, the most important thing to have in place is a damage control plan. It is a good idea to talk through with the main financial representatives in your company about how this would work. In the panic of a phishing attack, you need clear and concise guidelines so that you can follow them calmly to minimise damage.

An example of this is Payday loan provider Wonga South Africa, who had a fraud hotline set up especially for victims of a recent phishing attack (which was using Wonga’s image without permission) or anyone concerned about this phishing attack to call and speak to a well-informed representative of the company, explaining to those affected what they should do next. The phishing attack involved users (many of whom having no previous affiliation with Wonga – no customer information was actually leaked by the loan website) receiving texts and emails persuading them to take up a new and incredibly lucrative loan deal by paying an upfront fee. Of course, this was a bogus message but it seemed so convincing to some people due to its use of the Wonga image and professional tone of voice. Despite Wonga being a victim themselves in this scenario they acted swiftly to address the situation:

“we have posted messages on our internet platforms and taken out adverts warning consumers about this scam, we as a business are going one step further by helping victims restore their good name and credit record.”

This kind of damage control allowed their brand trust to remain largely intact.

By developing an effective damage control plan, you can reduce the impact of phishing attacks on your company, your customers, and your brand. Planning ahead is key for this to work – and really can make a difference.

Post Comment