An increasingly common cybercrime, phishing is the term for when criminals attempt to get users to provide them with sensitive information via the internet or, in the past, via phone calls or letters. Phishers may send fake emails or construct bogus websites, hoping internet users will either make an online “transaction” or reply with personal details. Unfortunately, cyberattacks against businesses and individuals using phishing tactics have only increased over the years, and they show no sign of slowing down.
Phishing Statistics – Small Business at Risk
The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses study, conducted by the Ponemon Institute LLC, stated:
- “In addition to tracking trends in cyberattacks and data breaches, this year’s study reveals how SMBs are unprepared to deal with risks created by third parties and the Internet of Things (IoT).”
- “A key takeaway from this research is that over the past three years there has been a significant increase in SMBs experiencing a data breach as shown in Figure 1. In addition, 66 percent of respondents said their organization experienced a cyberattack in the past 12 months.”
- “In the aftermath of these incidents, these companies spent an average of $1.2 million — an increase from $1.03 million in 2017 — because of damage or theft of IT assets and infrastructure. In addition, disruption to normal operations cost an average of $1.9 million, an increase from $1.21 million in 2017.”
- “Phishing and web-based attacks are the top two cyberattacks. Seventy-two percent of respondents said that they have experienced at least one cyberattack.”
We highlight these findings not to create unnecessary fear but to help educate. We hope we can help prevent these incidents for all our clients! If you own a small business, here are some proven ways to protect yourself from phishers.
Never Provide Personal Information to an Untrustworthy Source
If you are like most people, you may be used to receiving important information and updates from your bank via email or text. There is nothing wrong with this, but unfortunately, phishers often pose as banks and other financial institutions to obtain personal information from consumers. Never send personal banking information to a “bank” via email or text. If you are unsure whether a company’s website or email is authentic, don’t hesitate to contact the company directly.
Be Wary of Emails from Unknown Parties
Emails from unfamiliar or unlisted addresses are often phishing lures capable of infecting your computer or phone with malware. Once you click the link in the email, the malware will install itself, usually without your knowledge, and may obtain any important information you enter into your computer or online.
Don’t Fall for Scare Tactics
Phishers often attempt to scare users into providing them with sensitive data by pretending to be government organizations or large companies. For example, a phisher may send a threatening email pretending to be the IRS or the CIA. Some phishers may even claim they already have access to your personal details or browsing history, which they will share with everyone else if you don’t provide the rest of your financial information. Do not respond to such threats.
How to Mitigate this Problem
Here at Palitto Consulting Services, we understand the importance of cyber security. There are three important steps you and your business should be taking:
- Two-factor authentication should be added to your email accounts
- Anti-spam, anti-malware, and anti-phishing filtering software should be used
- Your team should receive some phish threat and security awareness training