It's staggering how easy it is to set malware loose on your digital systems. A wrong click on an email link or Facebook post could introduce malware to your computers, servers, and backup systems, and then what? Some cyber criminal may demand you pay ransom to restore your data. Even if you refuse and decide to rely on your cloud backups, you still have to hustle to ensure your data isn't stolen, your server is scrubbed, and your files are restored.
At best, you don't suffer a data breach. But you still lose: all that time spent in repair mode translates into business interruptions, lost productivity, and missed revenue.
By now you probably know about phishing emails and how much havoc they can cause, but the unfortunate truth is that many small business employees are still taking the bait. The Wall Street Journal reports…
- 23 percent of recipients inadvertently open phishing messages.
- 11 percent of recipients click on the links that transmit malicious code or ransomware.
This makes businesses vulnerable to ransomware in a way larger businesses aren't. After all, most small businesses can't splurge on the security training or sophisticated defense mechanisms that their larger counterparts can.
Though you may not be able to shell out for a full-fledged InfoSec team, you can ensure your employees understand how to avoid a basic cyber threat like a phishing email.
Cyber Security 101: How to Spot a Phishing Email
You may not have a lot of time to spare on cyber security training, but you can share these tips with your employees so they can learn to recognize phishing emails without jeopardizing the business. According to TechRepublic, here are a few trademarks of a phishing email:
- Mismatched URLs. If a questionable email comes your way, be wary of the embedded URLs. Phishing emails often display one URL in the body of the message, but if you hover your cursor over it, another address will appear. Don't click on it!
- Poor spelling and grammar. A professional institution is rarely going to blast out an email riddled with typos and grammatical errors.
- Requests for personal information. Remember: no bank, government agency, utility company, or higher-up at the business is ever going to ask you to submit your personal information in the body of an email. If the message is from someone at the business, better to call their personal line directly and ask why they need the information and whether they can take it over the phone instead.
- Requests to cover expenses. If there's one thing scammers can't resist, it's the chance to ask for money. The sender may say it's for fees, taxes, or some other expense, but rest assured, it's probably a scam.
- Unrealistic threats. If the email instructs you to hand over your login credentials or your account will freeze, know it's likely an empty threat to scare you into taking action.
Lastly, if an offer seems too good to be true (the Nigerian prince scheme, anyone?), it's likely a scam designed to open up your wallet or steal your information.
What to Do When a Phishing Email Appears in Your Inbox
Now that you and your employees know what to look out for, here's what to do if a malcontent message heads your way:
- Whatever you do, don't click the links!
- Report the email to IT personnel, if applicable.
- Inform employees about the suspicious email and instruct them to delete it.
For more cyber security tips, read the post "Dating Apps on Your Business Phone? Prepare for Heartbreach."