In the first 6 months of 2022, small-business phishing attacks rose by 48%. Even more dangerous credential phishing attacks, which attempt to gain access to employee logins, rose by 68.5%.
There are two primary reasons why thieves have upped small-business cyber attacks. First, many small businesses lack cyber security training to recognize scams, giving thieves a higher likelihood of success. Second, small-business owners are less likely to have software or staff that identify intrusions or breaches. This allows the bad guys to deploy ransomware, steal money or steal data before their hacks are discovered.
There are steps you can take right now to improve your security that won’t cost a thing.
Five Ways to Avoid a Small-Business Phishing Attack Now
- Limit employee access to sensitive accounts. This includes you. If you don’t make deposits or authorize payments, you don’t need access to the company bank account. The best way to prevent credential phishing is to limit account access to the smallest number of employees that is functionally feasible.
- Set up separate email folders. This can be time-consuming at first, but the benefits are immense. By moving all of your trusted client, customer or vendor email addresses into a single folder, you’ll be able to separate phony communications from real ones.
- Check email first thing in the morning, not at night. Scammers often send phishing emails late in the afternoon or early in the evening. Why? They know that you’re tired after a day at work and more likely to want to resolve a problem quickly. They frequently send emails with urgent needs – log in now to protect your account, or log in now to verify this transaction – hoping to get you to try to resolve something before you leave for the day.
- Enable two-factor authentication. This simple step is nearly 100% effective at stopping credential phishing. If you have two-factor authentication activated on your accounts, your username and password are useless to thieves, because they likely will not have access to the device or email you use for verification. The strongest method for two-factor authentication is text messages sent to your phone.
- Never click on links in emails. The most common small-business phishing scams use fake LinkedIn, Facebook, Instagram or financial services messages to get you to hand over your password. They claim that your account has been locked, or that they need to verify your password. Never, ever click on these links. Go to the site in question in a web browser, log in, then see if there is anything that needs attention. You will likely find that everything is fine.
As cyber threats against small businesses rise, cyber security is more essential than ever. Bad actors will find you, and if you are unprepared, you could spend years trying to get them to leave you alone. Take action now by taking our Virtual CISO Protection Quiz, which will help you assess your cyber vulnerabilities and readiness. If you have questions or want to speak to a cyber security expert, call us at 1-800-658-8311.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.