Your employees are your most valuable asset. But they can also be the weakest link in your security chain. Often gaps in employee knowledge and cybersecurity are only identified when full-scale problems arise. Small business owners can learn from the ‘human error’ mistakes of big organisations by training employees to detect and identify cyber dangers, in particular phishing scams, which are becoming more sophisticated and increasingly targeted towards small business.
Phishing attacks rarely make the news these days because there are so many of them.
Phishing is big business for cybercriminals: in the second week of 2018, for example, SophosLabs intercepted phishing attacks that abused the brands of many financial institutions. Organisations that had their brands hijacked in this way include: eBay, PayPal, VISA, American Express, Bank of America, Chase, HSBC, National Australia Bank – and that’s just in one industry sector. [Sophos Ltd. Jan 2018]
And the Netflix brand is still being targeted by fraudsters.
Unfortunately, small businesses and their employees are often a soft target for cybercriminals. Phishing emails and other types of attacks may target workers deliberately, in an attempt to make them give up login credentials or unwittingly reveal sensitive information.
For that reason, it is important to take the necessary steps and precautions to educate workers and develop workplace policies. Systems that workers use should be hardened and protected, to avoid security breaches and catastrophes.
Most phishing attacks are angling for something you know but are supposed to keep to yourself, such as:
- usernames and passwords for existing accounts
- credit card numbers, expiry dates and CVV codes
- personal information that you wouldn’t usually give out.
Even if you back yourself that you can spot phishes from a mile away, it’s still worth reminding yourself from time to time what would go wrong if you were to make a mistake and click through.
Here are 3 steps small business owners can take to protect the business:
1. Establish policies and train employees
Take the time to educate employees so they are aware of the risks and what to do. Simply by talking about the importance of data security and safe browsing, employees are more likely to make it a priority.
Develop policies for worker cybersecurity. Spend some time going over common security issues and how to avoid them. Giving employees the knowledge, for example, to detect if there’s something “off” about an email will help them understand how to identify and avoid being tricked into clicking on and opening phishing emails.
2. Protect systems employees are using
If systems that employees use are insecure, then by definition your business is less secure. It is therefore crucial that systems are hardened and protected. Some basic steps to take to protect systems that employees use are to:
- install and run anti-virus software – including for remote workers
- always back up your data
- use cloud technologies only from established vendors.
3. Disable access when employees leave
I’ve noticed that often small businesses may overlook disabling former employees’ access to systems and data.
Keep safe online – Contact us now for cybersecurity information and policies for small business to avoid phishing scams and your clients seeing the message below when accessing your site: