The global spotlight on cybersecurity may have you wondering, “Am I doing enough to keep my systems and my customers safe?” You’re not alone. From individuals to small business owners to global corporations, the pressure is on to safeguard our systems… And we are here to help. This post is part of a series on utility cybersecurity. In it, we will cover key things you can focus on today to make your systems more secure.


Did you know that phishing was the top crime reported by the Federal Bureau of Investigation’s Internet Crime Complaint Center in 2020? Hundreds of thousands of people in the United States alone fell prey to this crime and billions of dollars were lost in the process.

Phishing attacks are counterfeit communications. To an untrained eye, they appear to come from a trustworthy source. This initial communication lures the victim into providing secure information or clicking hazardous links. An infamous example is the Nigerian prince scam wherein the attacker asks for personal information in exchange for money. The example has been overused and overexposed to the point that average employees feel confident they could spot a phishing attempt without thinking twice. The problem is that cybercriminals have become more sophisticated and phishing attempts are more personalized.

For example, a cybercriminal may impersonate a leader at your organization and request proprietary data. They might impersonate one of your vendors and encourage employees to open a link or attachment with malware. The exact appearance of phishing changes by the minute.

Two things are sure though:

  1. Phishing attempts will not stop anytime soon. In fact, expect them to increase.
  2. A well-informed, vigilant workforce is key to ensuring phishing attempts don’t turn into phishing attacks.

So, what can you do today to prevent tomorrow’s phishing attempt from becoming a successful attack?

  1. Train and educate employees often. Show them what phishing attempts look like and what to do if an attempt happens.
  2. Make it convenient to report phishing attempts. Microsoft and Google offer ‘Report Phishing’ buttons on their email platform. Ensure these are activated for your enterprise accounts and tell employees how to use them.
  3. Keep employees on their toes. Phishing simulations help employees recognize potential threats and know how to act on them. Work with your local IT group to set up scheduled simulations and then review what happened with your staff post-simulation. Engagement is the key.
  4. Embed cybersecurity in your culture. Bring it up at staff meetings and in town halls. Share tips and best practices often. Talk about phishing attempts to familiarize employees with the many forms they take.

If you have questions on implementing the above, please reach out. We are more than happy to share what we have learned and point you in the right direction to implementation. You can also learn more about cybersecurity from Xylem’s Chief Information Security Officer, Nick Nedostup, in this post and about Xylem’s position on cyber risk in the water sector in this brochure.

Up next, I’ll be covering why software updates are a critical part of your cybersecurity approach. I invite you to follow along!