Data breaches are one of the top concerns for some companies and yet are barely considered at others. The truth is that any company, big or small, well established or brand new, is at risk of a cyber-attack.
No matter what type of business you have, a potential data breach could leave your business in a really tough position and even threaten your future.
What is a phishing scam?
Phishing is a scam that involves criminals posing as someone like a boss, colleague or an external company like a payment processor, and asking for sensitive information.
This is usually in the form of an email but can also be through a phone call.
The criminals lure email recipients to provide login information or to process payments through fake websites posing as legitimate ones.
The best line of defence
The best defence you have against cyber-attacks is education of your staff. The more informed staff are about common scams, the more likely they are to spot them and stop an attack that is about to happen.
Those with relatively little or no knowledge of phishing scams may not think twice about replying to an email supposedly from their boss. Phishing emails aren’t always easy to spot. Some are very sophisticated and well researched. However, here are some ways to spot a suspicious email.
Non-branded email addresses
While some hackers can get hold of convincing email addresses similar to your company’s, others are not so well organised. Make sure you tell your staff to look out for non-company branded email addresses asking for sensitive details. Look carefully at those email addresses asking for payments or login details.
Of course, these can occur in genuine emails (although preferably not), but they can also be a good indication that the email is not to be trusted. Look at how they’ve spelt people’s names, the company or contact details in their signature if they have one.
Many phishing emails ask for urgent action on payment or supplying data. This is in the hope that the recipient won’t have a chance to look too closely at the email.
However, if it’s that urgent, a phone call or a visit from the supposed sender is much better. Teach your staff to be careful of all emails asking for urgent payment. You might even want to make it a policy that urgent calls for payment should only be made by phone or must be verified by someone else before anyone acts.
Addressed to ‘customer’
This is particularly common for emails addressed to individuals but can also be found in emails to businesses, supposedly from external companies.
In both these instances, the sender should know the name of the recipient, particularly if it’s about sensitive information. The fact that they don’t means the same email has likely gone out to loads of other people in the hopes one of them will ‘bite’.
Any one of these signs could lead to a successful cyber-attack if your workforce isn’t vigilant. Get your workers used to discussing these things and checking in with one another.
Advise those unsure about opening links to ask someone else or to visit websites themselves through a link not provided in the suspicious email. If an email is genuine, you should get a message when logging in to the account yourself.
How do you ensure your business is safe? Do your staff know about phishing attacks? Please share any thoughts in the comments below.