Here’s a scary fact: In the 2018 Data Breach Investigations Report by Verizon, 58 percent of data breach victims were small businesses.
There are many challenges to owning a small business, and cybersecurity remains one of the top threats. Small businesses are predominately targeted through phishing emails. Phishing emails are becoming more and more sophisticated, but they are still one of the easiest ways for a cyber-criminal to breach a small business.
Phishing emails attempt to trick the user into sending confidential data or installing malware by clicking a link or downloading a file. Phishing emails are sent in bulk, knowing that not all will be successful, but it only takes one person clicking a link or downloading a file to cause a data breach.
According to Valimail, an email solutions provider, an estimated 6.4 billion emails with spoofed sender addresses are sent every day. Small businesses and big brands alike can fall victim to a phishing attempt. In January, a phishing campaign targeted over 550 million email users with phishing emails posing as legitimate popular brands and services, offering discounts and coupons to those who participated in online quizzes and surveys. In June, the popular app WhatsApp was used to send phishing messages to its users, offering free Adidas shoes if the user clicked the link.
So what can a small business with a limited IT and cybersecurity budget do to help protect itself from cyber threats, and specifically phishing scams? One of the most important things it can do is raise awareness and provide training to its employees. Cybersecurity awareness training should be included in all employee onboarding and should be offered annually as well.
Another important step in protecting a small business from phishing attacks is to have employees report when they see a phishing email come through to their inbox. By reporting the phishing email, other employees will be aware that a phishing email might be coming to their inbox soon, too. This can minimize the likelihood of someone opening the phishing email and either clicking the link or downloading the malicious file attached to the phishing email.
Besides addressing the human element of protection against phishing emails, it is important to make sure each device used at your business has an anti-virus or anti-malware solution installed and up to date. This includes mobile devices like smartphones and tablets. There often are no-cost or inexpensive solutions that a small business can deploy to its devices. These act as a first line of defense, stopping malware delivered through links or files from installing on and infecting the device. However, anti-virus and anti-malware alone will not stop every incident, so it is important to have a properly configured network and firewall to help prevent a cyber-criminal from gaining access to the business network. Another tactic a small business could implement is putting limits on what data an employee can access, giving each employee access to only the data needed to perform their specific role in the business.
Protecting your small business from phishing attacks and other cybersecurity threats requires a multi-layered approach. Each layer provides an additional piece of protection. Training is one layer, reporting phishing attempts is an additional layer, and having an anti-virus solution is yet another layer. As cyber-attacks become more and more complicated, it is important to deploy multiple layers of defense to protect your small business.