High-profile hacking attacks might dominate the headlines, but one of the biggest risks to your security isn’t software vulnerabilities or malware—it’s phishing attacks. There were more than 1.2 million phishing attacks last year alone, up 65 percent over 2015, according to the Anti-Phishing Working Group (APWG).

Phishing attacks usually come in the form of a fake email that appears to be from a legitimate source, such as your bank, employer or a website you use frequently. The idea is to get you to hand over the keys to your accounts by prompting you to type your login details and password into a fake website front. Victims click the link in an email and get taken to a website that looks just like the real thing, but in reality, it has been created to steal information.

Because phishing attacks target people using sophisticated techniques designed to fool, no business is immune to them. Remember, your cybersecurity is only as strong as the weakest link—your employees. Let’s run through a few important rules that will safeguard you and your business from phishing attacks.

1. Verify requests for sensitive data

If you get an email request for sensitive data, don’t immediately tap reply and hand away access to your account. Make sure it really is a legitimate request from Sharon in accounting or that your supplier needs updated bank details. A quick phone call can save you from a serious data breach. If you insist on emailing, then don’t reply; type the email address in yourself or use your address book.

2. Type URLs or use your own bookmarks

Phishing scams often come in the form of links in emails that appear to be sent from people you know and trust. What looks like another funny cat video from the office joker may, in fact, be directing you to unknowingly download malware.
Sometimes the email will be a request to update your login details with a link to what appears to be a legitimate company website. You can avoid this kind of scam by always typing the URL into the address bar of your browser yourself or using your own bookmark if you have one. Never click on links in emails.

3. Monitor company account access

The IT department should be keeping an eye on company account access. Make sure old accounts are deleted and permissions are appropriate. It’s a good idea to employ tools that analyze user behavior and flag any suspicious logins or data requests.

4. Be careful about opening attachments

If you don’t recognize who an email is from, then don’t open any attachments. They can contain malware that will install itself. Even if you do recognize the sender, it’s worth subjecting the email to greater scrutiny if it has an attachment. You should have security in place that automatically scans and removes suspicious attachments.

5. Make sure websites are secure

Check that any secure websites you visit really are secure before you submit any sensitive data. Take a look in the address bar of your browser; you should see “https://” at the start instead of “http://”, where the S stands for security. There should also be a lock icon that you can hover over to see the level of encryption.

6. Keep security software on and up to date

Any request to disable your firewall or antivirus defenses should be treated with serious skepticism. Security software should be running at all times and be kept fully updated. Make sure you comply with the IT department’s requests and never disable your security software.

7. Report suspicious emails

If you do get something that looks like a phishing attack, report it. You can forward emails to your security officer or IT department.
Many companies and services also have email addresses specifically for suspected phishing emails, and they’ll confirm whether an email is legitimate or not. You can also file complaints at the Federal Bureau of Investigation Internet Crime Complaint Center. If in doubt, it’s always best to ask your IT department.

Make sure you and your employees are familiar with these tips, and you can avoid being hooked by phishing scams.

Note: Special thanks to my partner Sophos for help in producing this article.

The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.