Earlier this year, small businesses were the target of a phishing scam that involved fake emails that appeared to be sent from the Federal Trade Commission (FTC). The email advised small business owners that their company was under investigation due to numerous consumer complaints. Users were prompted to click on a link to find out more. Recipients who clicked on the link were not directed to the FTC. Instead, malware was installed on computers with the goal of stealing financial or other sensitive company data.
This is just one example of how a phishing scam can harm your small business. While not everyone will be tricked by a hacker, the messages can be very sophisticated. By replicating a logo, a cyber criminal can send an email that looks like it came from your bank or another organization you do business with. Data from a few years back indicates that phishers are able to convince up to five percent of recipients to respond to their emails.
Get your team on board
The first line of defense against phishing is training your staff to be aware of phishing scams. Since banks are the most targeted institutions, advise your team NEVER to respond to emails that request personal information and to ONLY visit bank websites by typing the URL into the address bar. You’ll also want to keep a regular check on accounts to make sure there is nothing suspicious going on.
Also make sure your team never opens attachments that accompany spam emails; the majority of them are malicious. One click can give a hacker entrée to critical company information or bring a deluge of spam on your small business.
Take other steps
- Build your defense: Don’t count on just one anti-virus program to do the trick. Install a firewall, anti-virus detection and anti-spam technology and make sure they are always on and up to date.
- Scan frequently: Even without sending a phishing email, hackers can exploit vulnerabilities in your system, including out-of-date virus protection. Run up-to-date anti-virus scans periodically to detect and delete any malware before it wreaks havoc on your systems.
- Pick strong passwords: As soon as a phishing attack happens, change user names and passwords. Strong passwords are long and mix upper and lower case letters with symbols and numbers.
Don’t overlook mobile devices
As you consider how to protect your data, be aware that mobile devices are becoming an increasingly popular target for phishing scams. Trend Micro reports that in 2012, the firm found 4,000 phishing URLs designed for the mobile Web. The figure is considerably less than other malicious URLs tracked for the year, but Trend Micro points out the figure demonstrates that mobile devices are a valid platform to launch an attack.
Trend Micro attributes the rise in attacks on mobile devices to the limitations of the devices themselves. The small screen makes it difficult for users to fully inspect websites to ensure they have anti-phishing security. Most mobile devices use default browsers, so cyber criminals only have to focus on one type of browser versus several. And finally, Trend Micro says users may not realize mobile devices are just as vulnerable as desktop systems to attack.
Keep these steps in mind to avoid phishing for trouble at your small business.