4 Steps to Protect Your Small Business from Phishing Scams
Every day your small business comes under threat from an increasingly sophisticated array of phishing scams. Here are 4 steps you can take to protect yourself.
The number of phishing scams designed to fleece you, your small business and your customers is on the rise again. In fact, 156 million phishing emails are sent every day. Of those, 16 million make it through the email filters, leading to 8 million opened emails and 800,000 clicked links.
In the early days, phishing scams were largely tolerated because the crude attempts to defraud you and your customers could be easily spotted at 1,000 yards. Since then, phishing attacks have evolved into the carefully planned and executed scams we see today. So successful have these scams become that 97 percent of people are now unable to spot a scam before it’s too late.
Although no single silver bullet solution exists to wipe out the threat of phishing scams, there are a number of interlinked steps you can take to protect your business…
Step 1: Educate your staff
Drive to the heart of the problem by investing in an education and awareness programme that gives your employees a clear idea of what to look out for. No matter how many layers of security you have in place, phishing scams will always get through. The best way to defend against this constant menace is to have a workforce that understands exactly what to look out for. For example:
- Messages will often contain phrases like ‘reset your password’ or ‘verify your email’, but legitimate companies will never ask you to do this kind of task over email.
- Malicious links are often included in emails to dupe the recipient into entering personal details or sensitive information. You should never click through to a website from a link contained in an email. Instead, you should close the email and access the website through your browser. By hovering over links you can see whether the address matches the company name.
- Know your digital dealings. Last year Wonga was used as the facade of a widespread phishing scam. No data was leaked from Wonga’s secure database: many of those contacted ‘as a loyal wonga customer’ had no previous affiliation with the brand at all, and yet many were still duped by the tantalising loan offer that was, of course, too good to be true. Think critically about any message you receive, but especially if it’s from a brand that by rights shouldn’t even have your contact data. The brand responded with a helpline to help raise awareness of the issue among customers.
- Attacks will often suggest that an account has been suspended and you need to provide particular details or perform certain tasks to make it live again.
Step 2: Install security software and stay up to date
You MUST ensure anti-virus, anti-spyware and anti-malware software applications are installed on all your office computers and kept up-to-date. Installing security software from at least two different suppliers will give you extra protection.
You must also ensure that any operating systems and applications you use are fully patched and up-to-date. Many older businesses still run their entire systems on Windows XP despite support for the OS being officially removed. It’s essential to stay current to stay secure.
Step 3: Think about subscribing to a cyber intelligence service
There are a number of cyber intelligence services out there that provide information about the latest threats and the different steps you can take to keep your business protected. A cyber intelligence service can keep you and your business one step ahead of the latest threats.
Step 4: Report any phishing attacks you receive
If you receive a suspect email you believe to be a phishing scam, make sure you:
- Do not click on any links contained in the message;
- Do not open any attachments;
- Forward the email to the website the message purports to be from for verification;
- Report the phishing scam to the police or the relevant government body or agency.
While implementing these steps will certainly boost your defence against phishing attacks, you still need to remain vigilant at all times to make sure your business doesn’t fall foul of these nefarious scams.