There’s a sentiment among many small business owners that they’re not large enough to attract the attention of cyber criminals. But just because you’re a small fish in a big pond doesn’t mean you’re invulnerable to so-called phishing attacks. Remember – if you’re on the Internet, it’s open game for hacker hunters.
In fact, it has been reported that a whopping 90% of all data breaches are a result of phishing. For those unfamiliar with the term (and hopefully you will remain unfamiliar with it outside of this article) phishing is when a cyber attacker sends an email under false cover of a friend or other trusted contact and then persuades you to click on an innocent looking link that in reality is a link to a malicious file. Phishers will also ask their unbeknownst victims to give them access to confidential information, like bank account, credit card and Social Security numbers.
Phishing has become more prevalent and sophisticated in recent years; these cybercriminals have put the polish on convincing their targets that they are legitimate associates. And what makes these phishing expeditions so frustrating is that they are so tough to tackle, yet relatively easy to launch. Phishers rely, essentially, on the politeness of their victims; social manipulation savvy is their key to criminality.
So, short of hypervigilance when clicking on links and/or responding to email, how’s the small business owner to guard against phishing attacks?
Up-to-date antivirus software can help protect you from phishing and other cyber threats; some even come equipped with anti-phishing capabilities that scan email attachments for dangerous content.
Consider having a point person in the office who researches all emails that seem random or suspicious or contain odd-looking links. Train your staff to forward those types of email to the designated “breach breaker.”
There exist a number of email security gateways to prevent phishing emails from reaching your and your employees’ inboxes. Check out Proofpoint Essentials or Mimecast.
Phishing attacks almost always depend on someone making a mistake, like clicking on a fake link in an email. Security awareness training should be mandatory for every business, no matter the industry or size. Make sure everyone in your business is educated on this issue and instructed never to click on links in emails without first verifying their legitimacy – particularly if the email appears to be from a financial institution you’ve done business with. Be aware that the missive may look like it comes from your bank, but if it contains a link, pick up that old-fashioned device known as the phone, call the bank and confirm the email’s authenticity.
Better to be safe than sorry is not just a saying – nowadays it’s a way of life! Learn more; contact us at email@example.com.