Situation Analysis
Tips on protecting your business against Phishing attacks.

How to Prevent a Phishing Attack from Crippling Your Business

How to Prevent a Phishing Attack from Crippling Your Business

Cyber attacks are on the rise and small businesses have become a favorite target. To counter these attacks, an increasing number of small businesses have invested in cloud-based security systems that can protect their entry points and more quickly detect threats. However, even the most sophisticated cyber security system can’t protect businesses from the most common and unsophisticated form of cyber assault known as “phishing,” which costs businesses nearly a billion dollars a year. In fact, it’s so successful that phishing attacks have increased by nearly 800 percent over the last year alone.

Warning Cyber Attack

Nearly 80 percent of businesses say they experienced phishing attacks in 2018. Chances are, your business has been targeted by phishers, whether you know it or not. But, even if you did, would you know how to defend against an attack?

What Exactly is Phishing?

Phishing is an embarrassingly simple method of infiltrating your computer or server to plant a virus or malware. Someone dresses up an email to make it look legitimate – like it is coming from a government agency, financial institution or a colleague – and sends it to you with some sort of call to action, such as an alert about an account that needs updating or a warning it is about to be closed. It could be a question about a recent order you made. It could be any type of message designed to get you to click on a link embedded in the email. If you click on the link, it takes you to a website that looks legitimate. Once there, you are invited to log in, which can reveal the information a phisher needs to pose as you on the real website. From there, it can get into your accounts, drain your funds or spend your money as it pleases.

Phishers have become more sophisticated each year, with better techniques for disguising their emails, making them appear more authentic, and even personalizing them with information they have about you from a web search. Through the sheer law of numbers, they know that someone is bound to fall for it, open the email and click on the link.

Taking Your Data Hostage

In recent years, phishers have been going large scale by taking an organization’s data hostage and holding it for ransom. Instead of enticing you to follow a link to a fake website, the link becomes the trigger that unleashes malware or, “ransomware,” that encrypts your data. The next time employees turn on their computer, they are greeted with a screen informing them that their data has been kidnapped and cannot be released until a ransom is paid. Most ransoms are small – ranging from $500 to $2,000 – so most businesses will pay it quickly rather than expending resources to try to unlock it on their own.

Defending Your Business Against Phishing Attacks

Because phishers are adept at penetrating your firewall, you and your employees are your first line of defense. Your primary weapon is education – training everyone with access to your computer network how to spot a phishing email so it can be deleted. Here’s what to look for:

Fake sender address: Phishers use a variety of methods to mask their emails. A closer look can uncover discrepancies such as a misspelling or conspicuous dash in the subject line. If you hover the mouse arrow over the sender’s email address, it will reveal the actual sender.

Salutation: If the salutation doesn’t include your first and/or last name, or your name doesn’t appear in the salutation, delete the email.

Urgent call to action: Any email asking you to take immediate action should be suspect. Do not click on any links.

Request for personal information: Any legitimate organization would never request personal information by email.

Fake links: Before clicking on any link, make sure the organization’s name is spelled correctly. If you do click on a link and are taken to a website, double check that the URL address begins with “https.” If the “s” is missing, the link is fake.

It only takes one phishing attack to hit its mark to cripple a business. Use every opportunity – monthly meetings, lunch meetings, quarterly reviews, etc. – to educate your employees.

Read other situation analysis articles