Gone phishing: Protect your company against cyber crime
It’s no secret that cyber attacks are on the rise and becoming more sophisticated every day. In fact, according to The 2019 Hiscox Cyber Readiness Report™, 53% of US firms were victims of cyber crime in the past 12 months, up from 28% in 2018.
There’s one type of attack that small business owners should be particularly aware of, because it is both simple and effective for hackers. It’s phishing, and here’s what you need to know to avoid falling for it hook, line and sinker.
What is phishing?
Phishing is a way that hackers gain access to a computer system or sensitive information. They send an email that may look as though it comes from a familiar address – perhaps even one that’s inside the organization – that includes a link. The link looks like it will open an important file or take you to a website, but in fact it may infect your computer system with a virus or malware. Some phishing attempts will ask you for log-in credentials which are then used to access your accounts.
There are different kinds of phishing, including spearfishing (targeted phishing emails), smishing (phishing by text message), and others, but they are all forms of social engineering designed to separate consumers or companies from their sensitive data or assets.
How can it be prevented?
The first step in preventing phishing is to recognize it. Here are some telltale signs that an email may be a phishing attempt.
1. An email address that doesn’t look quite right. If your company uses First DOT Last AT company DOT com for email addresses, don’t open one that is addressed to FLast AT company DOT com. But keep in mind that valid email addresses can be spoofed, so even if the address is correct, the email may be fraudulent.
Verify the sender’s email address by hovering over it in the preview pane. The actual address the message came from will appear. If it’s not what you were expecting, don’t open it!
2. There’s a link in the email that you’re instructed – or even threatened – to click on. As with the sender’s email address, you can hover over the link to see where clicking it will take you. If it’s a phishing attempt, the web address will be different from what you’d expect to see.
Never click on a link in an email unless you’re absolutely sure it’s legitimate. Instead, type in the website address yourself.
3. The request is out of character for the sender. An urgent message from the CFO to an accounting clerk asking for an immediate wire transfer of funds is a huge red flag. So is a request that is described as ‘secret’ or sent outside of business hours, or a request from a vendor to wire payment to a different account.
Confirm any request to transfer funds with the requester, either by phone or face to face.
4. The language or format of the message may be unsophisticated or incorrect. A message that appears to be from a large corporation but includes spelling or grammatical errors is suspect.
That said, hackers often steal the logos of major companies and spoof their email addresses. Don’t assume that an email that looks like it’s from your bank actually is.
What if someone in my company gets a phishing email?
The first instinct is often to delete the message, but a better plan is to notify your IT department or consultant. Don’t open the message beyond the preview pane, and certainly don’t click on any links. Once IT gives you the all-clear, delete the message and, if you forwarded the message to IT for investigation, delete the forwarded message as well. If you handle your own IT issues, follow your internet service provider’s guidelines for reporting suspicious email.
Notify everyone in your organization so they know to be on the lookout – hackers will often target many employees in the same company.
Staying one step ahead of hackers can seem like a full-time job, but it’s critical to keeping your business safe from cyber crime. For more on how to be cyber ready, download the 2019 Hiscox Cyber Readiness Report.
Related Articles
A cyber security expert answers your ransomware questions
What is ransomware? Who is vulnerable? And most importantly, how can you protect your small business from the havoc it can wreak?
We sat down with Meghan Hannes, Head of Cyber and Tech Errors and Omissions for Hiscox USA. Meghan has been underwriting and managing cyber security and privacy-related risk since 2004. She is a noted author, speaker, and award-winning product head in the cyber insurance space.
Remote working increases cyber risk for small businesses
The pandemic has changed the way we do business in many ways. One of the most remarkable changes – and one that may become permanent for many businesses – is remote working. While this has been an advantage, the increase in cyber attacks since more people have been working from home is not a coincidence
Read More
The most common accounting mistakes made by small businesses and how to avoid them
Whether you’re a new or experienced small business owner, financial responsibilities—including accounting—can take a while to get the hang of. There are so many moving parts to keep track of, not to mention a lot of math to do, which makes mistakes almost inevitable. That’s why many companies bring on an accountant as soon as they can. But if that isn’t an option for you just yet, don’t worry. We’ll cover some of the most common accounting mistakes made by small businesses and how to avoid them, so you can protect your business.
Read MoreWe provide tailored insurance for the specific risks you face, so you can take the right risks to grow your business.