The number one way that small businesses can be targetted by cybercriminals is through Phishing emails.
Criminals use these emails to trick others into sharing confidential information or getting access to systems. If successful your network can be infected, leading to the loss of personal and company information and even your personal identity may be targetted.
On the surface Phishing emails may look harmless, so you need to look carefully for the telltale signs of Phishing:
Check the sender's email address, but compare it to an official email for consistency
If the email asks you to check an attachment, make sure you know what the attachment is and where the link leads you. If you are uncertain, don't click the link and contact the sender via a known method to confirm that it was sent to you. Be particularly wary of attachments that you don't recognise and don't click the link.
Wording may include aggressive tones to frighten you and scare you into action. When an email requests that you send money, with the links to send you to a payment page.
Some emails may pretend to benefit you by saying you are entitled to a refund or reimbursement, however if it looks too good to be true, it likely is. Don't click the links or take any action.
It's important that you don't just accept an email at face value.
Ask yourself why the sender might be asking for the personal information they are, reconcile in your mind about what the purpose of the refund might be and whether you have heard about this before. Is this actually a company you deal with? Is it usual to get these types of emails at this frequency from this company? As you start to think critically about the email you have been sent, you may see things logically start to unravel.
Listen to the voice in your head that screams "don't click the link!"
If your business has been compromised by an attack, a cyber security criminal can take your identity to try and swindle your suppliers or customers out of money, goods or services - leaving you to pick up the pieces.
If you are a target of a Business Email Compromise, you may recognise unusual urgency, grammatical errors or an unnecessary level of confrontation to scare you into clicking links to find out more information. Don't be fooled if this happens to you - again ask yourself does this sound like the people you normally deal with, and if in doubt contact them another way to clarify.
Think before you click.
Phishing is a constant threat, but you can reduce your chances of being a target. Use a password manager and use different passwords for all your accounts. You can also use a two factor authentication which is a second password step like an SMS as part of your login process.
If you need help with setting up third party authentication to tighten your security, contact our friendly support team and we can help you and make your systems more resilient.
Sunday, October 9, 2022
