Most employees know to be careful when clicking on emails they receive from unfamiliar senders. But as cybercriminals and their tactics have become more and more sophisticated over time, it has grown harder and harder to recognize a scam. And as a result, the threats such attacks pose to a business and its systems continue to grow.
Just how big are the threats? Consider this: According to a recent report by insurance carrier Hiscox, in 2019, the average cost of a single cyberattack on a business reached just under $200,000. And businesses of all sizes can be targeted. In fact, 43% of today’s online attacks are aimed at small businesses and less than 15% of these businesses are adequately prepared to address the threat.
While taking technological steps to defend a business’s computer systems against cyberattacks is highly recommended, workforce awareness can also go a long way toward preventing digital disasters. To help ensure that businesses are a step ahead of online fraudsters, employees should constantly be on the lookout for these five common cybersecurity threats:
- Phishing and other fake emails: These malicious emails attempt to trick users into providing sensitive information, such as passwords or credit card information. They also try to get users to download dangerous malware by impersonating acquaintances or legitimate companies with whom the recipient might do business. The following are common signs that an email might not be legitimate: poor spelling and/or grammar, a false sense of urgency, a request that the recipient provide sensitive information via an email or an online form, linked words or images that do not go to the destination they are supposed to, links to non-secure sites and the inclusion of small bits of personal information that scammers could have obtained elsewhere online.
To protect against phishing and fake emails, workers should:
– read emails carefully for spelling and grammatical errors and verify the sender before providing any sensitive information, downloading suspicious files or clicking through on suspicious links;
– be wary of any emails asking for personal or payment information;
– if asked to provide sensitive information, call the business or go directly to its website to log in rather than clicking through on a link embedded in an email (most legitimate businesses won’t ask for this info via email);
– double-check the destination of any embedded links in an email before clicking through on them (when a user hovers over a link with his or her cursor, most email programs display the web address to which the link directs);
– avoid downloading or opening attachments in suspect emails.
- Social-engineering scams: Often employed in phishing emails, this type of deception aims to fool the recipient into thinking the sender is a trusted person or business. Common themes in this scam include the sender claiming to be a friend or family member in trouble and in need of financial help, pretending to be a trusted company threatening to limit or shut down a user’s service if requested (and often sensitive) information is not provided, offering a deal that seems too good to be true and claiming to be a collection agency of some sort seeking owed funds. In addition to generally being aware of and skeptical of such requests, users can employ the same precautions mentioned above for detecting and safely dealing with phishing emails to avoid becoming a victim of this type of email scam.
- Malware: This is harmful software designed to damage or gain access to a user’s computer and the information on it, and it is often proliferated via the phishing/fake emails mentioned above. When activated, malware can often lead to issues such as sluggish performance by a user’s computer, new and unrecognized toolbar icons in a user’s internet browser, more pop-up ads than usual or unauthorized access to a user’s accounts.
To protect against malware, users can employ tactics such as:
– installing and maintaining regular updates of anti-virus and anti-malware software;
– exhibiting extreme care when downloading free software or peer-to-peer file-sharing applications as scammers often use these as a vessel for malware;
– regularly backing up important files to the cloud or to a separate external storage device so they can be easily retrieved if a malware attack does strike;
– ensuring that emails come from a trusted source, and even double-checking with the purported sender, before downloading or opening any unexpected or suspicious files or attachments.
- Password theft: This type of cyberfraud happens when a third party guesses or somehow steals a user’s password, which can be especially detrimental to businesses that handle sensitive data or digitally retain the personal information of their customers. As passwords are often stolen via phishing or social-engineering attacks, following the precautions mentioned above for each of those threats can help prevent password theft. Further, employing complicated/hard-to-crack passwords as well as two-factor authentication for accounts containing particularly sensitive information can help minimize the chances of falling victim to password theft and the subsequent damage the successful theft of a password could cause.
- Texting scams: As more companies provide their employees with company-issued smartphones, the threat of this type of scam impacting a business has grown. One common type of texting scam known as “SMiShing” (pronounced like “phishing” with an “sm” on the front end) employs some of the same tactics as phishing, only via text message. These fraud attempts will often include links directing the recipient to a fake website that appears to look like the website of a legitimate company. Once users arrive on the fake site, the scammers will attempt to get the user to disclose sensitive or financial details.
To avoid falling victim to this type of scam, device users can:
– avoid opening text messages from unknown senders;
– refrain from sending any personal information to unknown senders via text;
– avoid clicking through on suspicious links sent via text, instead going directly to a company’s website and logging in;
– avoid calling any phone numbers provided in suspicious texts or texts from unknown senders.
While not always scams, spam texts are messages that are sent without the recipient’s request or permission, and they often contain unsolicited advertisements. It is best not to reply to these texts, either, as doing so could invite more spam messages by letting the sender know that the line the ad was sent to is genuine.
Businesses looking to protect their digital assets do not have to go it alone. When you need local, professional cybersecurity assistance, help is nearby and easy to reach. FTC IT Solutions offers a range of cybersecurity-focused services, including Managed Firewall Services, 24×7 Monitoring & Alert Response, Maintenance Updates Support, and Hosted Antivirus & Spyware. Visit the FTC IT Solutions website today to learn more and to step up your business’s online security.