According to Cisco, “Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.”
One of the most popular ways to undermine cybersecurity is the phishing attack.
Phishing attempts to access sensitive information such as passwords, banking and credit card info, and other sensitive personal data via email, text, or phone call. The phishing message seems to come from a legitimate institution you know and trust and asks for sensitive information. Often a link is included that the user is instructed to click to enter the information. In some phishing attacks, the mere act of clicking the link is enough to compromise your entire system. Any email, text, or call you receive asking for sensitive information should raise immediate red flags.
Small businesses are especially at risk for phishing. Why? Because they have fewer employees and are less likely to have formal cybersecurity procedures and controls in place. Many small businesses do not have a dedicated IT department on the lookout. These things make small businesses an easy target for phishers.
If your cybersecurity plan does not include employee training to spot phishing, it is incomplete and vulnerable. In addition, your employees should be using multi-factor authentication wherever possible on the usernames and passwords they use at work.
Phishing has evolved over the years. General phishing attempts go after many targets at once and are not very personalized, making them easier to spot. Spear phishing describes a targeted online attempt to steal data or install malware. Scammers will do research to make their phishing attempt seem as legitimate as possible. Spear-phishing attempts typically target businesses. Scammers can even craft emails that appear to come from within the business itself. Unfortunately, scammers are becoming so adept at phishing that it can be almost impossible to tell you are under attack. Since phishing attacks rely on human error, training your employees to recognize them is imperative.
How do you recognize a phishing attack?
- Check the email address: While the email header may look legitimate, checking the actual email address will reveal if it has been spoofed. Easier-to-spot phishing attempts may show a completely different and suspicious email address, but a cleverly-spoofed address will look real until you examine it closely and find that an “O” is a zero, or some other part is misspelled.
- It seems urgent: The scammer will put clickbait in the title. The phishing email may say that a suspicious login occurred and you need to verify your information to keep your account, or that you need to update your payment information or your service will stop.
- It contains spelling and grammar errors: An email from a real company will be professional and checked for errors.
- It contains a suspicious link or attachment: A link will show its true nature when you hover over it and inspect it. When you hover over a malicious link you will see that it does not lead to where the anchor text says. Only hover over a suspicious link if you’re absolutely sure you won’t accidentally click it. When in doubt, throw it out.
Employee training to spot phishing attempts should be ongoing, not something you do just once. Many IT companies offer phishing training for their customers. These trainings simulate a phishing attack so you can see exactly who would fall victim to a phishing scam and leave your business vulnerable. The consequences of phishing attacks are quite serious, so make sure your business is protected. Cybersecurity covers a range of protective measures; find out how to secure your WiFi network by reading our blog. In addition, make sure your SQL database is safely backed up.
About the author: Sheri Holshouser is a marketing manager based in Dallas, Texas. In her free time, she likes to read science fiction novels and play with her pug Chloe. Learn more about her professional qualifications on LinkedIn.