34% of small business owners expect that they will have an attempted data hack in the next year. Unfortunately, small businesses are prime targets for cyber attacks because hackers know small businesses don’t typically have dedicated IT departments focused on data security. While cyber threats will always exist in our evolving digital world, there are some steps you can take to protect your small business.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), for malicious reasons, by masquerading as a trustworthy entity in an electronic communication (usually email). The National Cybersecurity Institute found that 38% of phishing attacks were aimed at companies that had less than 250 employees. Hackers understand that small business owners are often focused on sales, marketing, customer service, human resources and everything else that goes into running a business.
You can protect your business, and your customers, from phishing attacks by training your employees to:
Look for the Security Lock
Before entering any personably identifiable information online, even if it seems benign, there are two easy ways to identify that a website is safe and secure. The first is the lock icon in the URL bar, and the second is the https designation. Note, the “s” on the end of the http signifies the site is encrypted for security.
Use the Phone as an Additional Security Precaution
Teach your employees to call customers who are requesting sensitive information such as passwords or bank account numbers. It is very easy for hackers to spoof an email address by altering a letter in the domain name (i.e., adding an s to the end of a domain might go unnoticed). Many hackers use this technique to request wire transfers, gain access to personally identifiable information, and build credit card profiles. By instituting a policy of phone driven communication for this type of information, you are taking an additional step to ensure that only authorized people are getting access to secure data.
Something is usually strange, or “off”, when it comes to phishing attempts, so it is important to teach employees to be careful when dealing with sensitive data like credit card information and passwords. For example, if you receive a call requesting the password for an account, it is good practice to verify the person’s identity before providing the password to ensure it is not a scammer. Teach employees to be cautious and investigate anything that seems out of sorts to help protect your business, and your customers.
Be Particularly Careful with Emails
It is estimated that between 23% to 30% of phishing emails are opened by employees, and 11% or more open the attachments. Often times, the recipients even suspect it is a malicious email. To keep your company safe, teach your employees to watch for the following:
In addition to protecting your company and employees from phishing attacks, it is equally important to make data security part of your company culture. Some best practices include:
Scams come in all shapes and sizes. For example, we have a promotional marketing client who received a large order via email for USB memory sticks. Our client was excited about the potential of a $25K sale, but didn’t trust the order since the order was for blank sticks and their business is focused on customizing these products with logos. In addition, the email was poorly written and originated from a non-descript Gmail account. When they gathered more information, they learned the person was offering to pay with a stolen credit card and requesting they be shipped to a rented warehouse. Luckily, a smart employee knew something wasn’t right and investigated further before processing the order. Had the employee processed the order, the company would have lost $25K in goods.
If you spot a business, or offer that sounds like an illegal scheme or fraud, help the Better Business Bureau investigate and warn others by reporting what you know. The BBB Scam Tracker is located at https://www.bbb.org/scamtracker/us.
Sometimes the best defense is a good offense. Here are a few cyber security solutions that cater to small business.
Even if you don’t have a dedicated IT team, you can help protect your company, your employees, and your customer from cyber attacks. By understanding phishing scams, implementing best practices for data security, and keeping up-to-date on the latest fraudulent schemes, you will lower your risks of a cyber attack so you can keep focused on growing your business.
About Breakout Capital
Breakout Capital is committed to responsible funding. We believe it is better for you to keep your business and grow it responsibly than set it up to fail with insurmountable debt. Please contact us today if you’d like to partner with us.