In previous posts we have discussed the very real threat that a Cyber attack could have on your small business. In those posts you’ve read the term “phishing attack” described as one of the top threats facing small business owners, but what is it? Is your business really at THAT much of a risk of an attack? Do you have a prevention plan i place? Moreover, is John Fishman involved?
What are Phishing Attacks?
Simply put, a phishing attack is a type of cyber-attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
These started coming to the attention of folks a few years back. Think “Nigerian prince” emails or emails that claim that the sender has just inherited a large amount of money and wants to share the profits with you, a random person that they have never met.
By now you are aware that the prince isn’t sending you a personal email to share his wealth, and your new friend across the pond isn't really looking to share their new found wealth with you.
While these emails seem laughable now, according to studies business owners are overconfident in their abilities to spot a phishing attack. Just last year, 3 in 4 businesses experienced a phishing attack, which is 30% higher than the rest of the world, and a 14% increase from the year before.
Along with everything else in our new digital first world, spammers are changing their tactics constantly, and are setting their targets on your small business.
So, Is your business at THAT much of a risk of a phishing attack?
If you think just because you live in a small town in Georgia, or that nobody would really take the time to mess with your small business because it’s not some multi million dollar enterprise, think again.
Here are some questions to ask yourself.
Do my employees check personal email during the day?.
Are my employees on any social media sites?
Do my employees do any online shopping?
Could my employees spot a suspicious email?
Your answers to these questions may surprise you. If your employees are checking their personal email, getting the latest gossip from Facebook, and doing some online shopping your business is at risk.
The most important answer is can your employees spot a suspicious email when one comes across?
What do phishing emails look like now?
I could spout off a few more statistics from studies I have read in the past weeks about cyber attacks, but here is a real life example from my business.
In just the last two weeks, I have seen at least 10 emails come across my server that were suspicious in nature. That’s at least one email every working day, and it just takes being a little under-caffeinated and overworked for you or one of your employees to click a link.
I know that suspicious in nature is a broad term, so here are some things I look out for as a business owner that immediately gets my spidey senses tingling.
Subject lines
“The documents you requested”
“Changes to your plan”
“Password verification required”
“Urgent Please Update”
Emails
Unexpected attachments
Inconsistent URLS
Anything stating “Action Required”
Something just seems “off”- logo is pixelated, color off, email doesn’t look like it normally does.
A better example, and one I have shared with my employees happened just last week.
I was emailed back and forth with an underwriter about a client moving their policy to another carrier. Later in the day an email comes across (seemingly from the underwriter, with the subject line “Signed Documents attached.”
Luckily I was in work mode and noticed that the email address seemed off. It had the underwriter's name but the address was not from the company. I immediately took a screenshot of the email, and sent it back to the underwriter, quarantined the email in my server and started an antivirus scan. I followed the plan that I wrote for our company for events just like that.
What’s your company’s plan to combat phishing attacks?
When Mike Tyson was asked by a reporter whether he was worried about Evander Holyfield and his fight plan before their first fight in the 90’s he answered; “Everyone has a plan until they get punched in the mouth.”
What Tyson said is similar to the old saying “no plan survives first contact with the enemy”. But does this mean that there is no need to plan? Absolutely not.
By planning for an attack to happen and having processes In place, your business is more prepared to defend itself.
If you don't follow boxing that closely, or your memories of 96 are hazy at best, a reminder. Holyfield was a 25-1 underdog entering the fight. He stuck to his plan, through a dogged fight and stopped Tyson on a TKO 11th round to win.
Bottom Line: You need to have some sort of plan in place to defend your business.
Now, I'm not saying you have to type up a large workbook with screengrabs and infographics. A simple one page, here's what to do will suffice. If you don't have the time, you can get in touch with us by email and we will send you a copy of our company's internet policies.
Also, if your business does not have any cyber coverage, or you want to just make sure your cyber coverage is where it needs to be you can click here to be taken to our website to request a coverage tune up.
If you have read this whole blog, and are now a little suspect on clicking links, that's OK! You can call or text us at 229-430-9107 and we will gladly help you.