Cybercrime is a growing threat to businesses and individuals today. From ransomware like the WannaCry cryptoworm that spread rapidly in 2017 to more localized attacks that expose private data, these crimes cost American businesses billions of dollars each year and can pose an existential threat to smaller companies.
Though the huge attacks on recognized names like Equifax and LinkedIn may make headlines, it is small businesses that most often attract the unwanted attention of hackers. Verizon’s 2018 Data Breach Investigations Report showed that small businesses represented 58 percent of malware attack victims. Protecting your company from hacking is a critical responsibility for business leaders in the digital age.
One of the most common ways hackers gain access to a company’s network or data is through phishing. Phishing is a technique in which criminals contact one or more people via email, text or telephone and pretend to be a legitimate company or individual needing information. If they are successful in the attempt, the hackers then have log-in credentials that enable them to steal money or data, or to further infiltrate the victim’s network to expand their illicit access.
Many phishing attacks are quite sophisticated, making them difficult to recognize as fraudulent at first glance. However, you can significantly reduce your vulnerability to phishing by following these internet security practices:
- Pay attention to details. Is the email sent from an address you don’t recognize or trust? Are there misspellings, grammatical errors or punctuation problems within the address or message content? If the answer to either question is yes, consider the message a potential threat, especially if it instructs you to click a link or respond with personal information or log-in credentials.
- Be wary of attachments. Never click on an attachment unless it is one you are expecting and sent from a known, trusted contact. Even if the sender is someone you trust, if you don’t know what the attachment is or weren’t expecting to receive it, you should call or email for confirmation that it is legitimate before clicking or downloading. Hackers frequently spoof email addresses when sending malware as an email attachment.
- Avoid clicking links in emails. If the email instructs you to click an included link, do not click it! Hackers frequently try to direct victims to a fraudulent website that looks like the real thing so they can harvest the log-in credentials that users enter. Instead of clicking, type the site’s standard URL into your browser and sign in to your account from there. Do not copy and paste the address from the email.
- Confirm requests for information. Any urgent request to confirm or update sensitive data (including usernames, passwords, account numbers or financial information) should be regarded with a great deal of suspicion. Before you take any action, confirm that the request is a legitimate one that originated with the purported sender. Most such requests are phishing attempts! Contact the sender using phone numbers, email addresses or other contact information you already possess or find via the website after typing the URL in manually. If you click the link, you might be “confirming” the request with a hacker who set up a fraudulent phone number or email address for just that purpose.
Comprehensive training on internet security protocols is an effective way to help your company stay safe from phishing attacks. It is important to make sure everyone in the organization receives this training and to provide frequent reminders and updates that address emerging cyberthreats.
Phishing isn’t the only way hackers can breach your company’s lines of defense, but it’s one of the most common and one that you can prevent through careful training and vigilance. To learn more about safeguarding your organization from hacking, reach out to the cybersecurity experts at HBP. We’ll help you protect your data, your customers and your good name in a world of digital dangers.