Oct 15, 2021

The Invisible Threat You Should Protect Your Business From: Phishing Attacks



    What is a Cyber Attack and is My Business at Risk?

    Cyber attacks are on the rise each year and can target both small and large businesses alike. Small businesses are just as susceptible to cyber attacks as large corporations, if not more so! Typically, smaller companies lack the robust security infrastructure that larger organizations have, making them a prime target for cyber criminals.

    One of the most common cyber attack vectors for small businesses is a form of social engineering known as phishing. Since phishing leverages human error, anyone can be a target.


    Be Aware of Phishing Schemes

    Phishing schemes can often fly under the radar of major media attention but still cause costly and devastating damage to businesses.

    These attacks come disguised as seemingly legitimate communication, usually posing as a company or person you know and trust. When delivered via email, phishing attempts often create a sense of urgency and include a call to action, such as clicking a link or opening an attachment. Phishing may also arrive as a phone call (vishing) or via SMS messages (smishing).

    Phishing scams normally try to:

    • Infect your device with ransomware or other types of malware
    • Steal your private credentials to get your money or identity
    • Obtain control of your online accounts
    • Convince you to willingly send money or valuables

    Phishing can lead to business email compromise attacks, where hackers take over the mailbox of a specific individual. If a hacker gets into your email, contact list, or social media, they can spam people you know with phishing messages that appear to come from you. Trust and urgency are what make phishing so deceptive and dangerous. If the criminal can convince you to trust them and to take action before thinking, you’re an easy target.

    A study by Stanford University found that 9 in 10 corporate data breaches are caused by employee mistakes in falling for these cyber attack schemes.

    One predator group, REvil, is estimated to have collected $100 million in fraudulent payments from cyber attacks and phishing schemes in the first six months of 2021 alone. These attackers then use their earnings to purchase more expensive and advanced tools to further compromise larger, more secure networks. The cycle continues.


    How Do So Many Cyber Crimes Go Unnoticed?

    According to the National Cybersecurity Alliance and CybSafe’s Annual Cybersecurity Attitudes and Behaviors Report in 2021, 64% of workers claim to have no access to cybersecurity training. Even more startling, nearly a third (27%) of those who do have access chose not to use it.

    This is cause for major concern within an organization, considering statistics show 1 in 3 people are or will be the victim of a cybercrime. With more businesses than ever depending on digital operations, knowing how to protect yourself and your operations is essential.


    Preventing Cyber Attacks in Your Business

    Many cyber attacks can be combatted and prevented simply by educating your employees on proper cybersecurity hygiene and being vigilant in your digital safety. Oftentimes, employees simply do not understand the severity of a cybersecurity threat and do not know what to look out for or beware of.

    Take the first steps in protecting your business from phishing attacks by:

    • Regularly scanning for viruses and malware
    • Securing your networks with a VPN
    • Providing cybersecurity awareness training that isn’t too technical or too dull, and soliciting employee feedback. Practice a healthy level of suspicion and familiarize yourself and your staff with Social-Engineering-Red-Flags.pdf (knowbe4.com)
    • Considering simulated phishing campaigns to gauge understanding and track progress
    • Always reporting suspicious calls, emails, instant messages, or text messages to your IT team
    • Using a two-step verification process for any requests to change payment information, such as callbacks to verified numbers
    • Implementing multi-factor authentication (MFA)
    • Obtaining comprehensive standalone cyber insurance coverage


    Be Confident in Your Digital Safety & Protection!

    Take a proactive approach to build a culture of security within your organization.

    Employee training and education is a great point of frontline defense against phishing attacks. Oftentimes, cyber insurance policies include valuable risk management resources such as employee training courses to mitigate the risk of phishing attacks and other forms of cyber crime.

    Speak with our cyber insurance experts at Morris & Garritano to learn about what risks your business might be facing and find customized coverage to suit the unique needs of your company.
