Attention small- and medium-sized business owners! You are now officially target numero uno of cyber thieves. They view you as the perfect prey. After all, there is nothing valuable on most people’s home computers (as compared to the treasure trove on business servers), and businesses larger than yours likely have the necessary protections in place.
Think of it this way: the would-be cyber thieves are going down the virtual hallways of your office complex and are jiggling the door handles of every tenant. Those with locked doors and proper security in place get passed by, but those who don’t are a perfect target.
One virtual corridor these criminals use is your corporate email. They get in by exploiting common mistakes your employees make when sending and receiving emails. Just like you wouldn’t want them holding the door for criminals to walk into your office, you wouldn’t want them giving the cyber thieves easy entry to every electronic file, client record, or digital trade secret.
Are you confident that your employees know what a fraudulent email looks like? Are they aware enough to identify those emails? If the answer is yes, then most likely you are training your employees and reminding them about the risks of email scams. You also understand that the most vulnerable part of your network is the end user – your employees.
Protecting your business and customers from cybersecurity threats doesn’t need to be complex and expensive. Training and awareness can go a long way to prevent a catastrophic loss. Knowing what the cyber bad guys are after could be your first line of defense. They are trying to get information about your business by:
- Circumventing technical defenses to find the easiest point of entry (e.g. a Starbucks gift card offer)
- Penetrating the network with a targeted email (e.g. “Dear Tom: Please log in to ADP”)
- Emailing someone within the company under a false, but known, identity (e.g. an email from the CEO)
All it takes is one of these methods succeeding to allow the criminal into your network. ONE successful attack can cripple your business.
Keeping a keen eye out for fraudulent emails is also an important step. The majority contain the words URGENT, IMPORTANT, RUSH, and look like they were sent by the business owner, a key employee, or even family. If you are suspicious of an email, stop and think about the sender and the request. If it REALLY were that important, would they email me at work? Or would they instead try to call or text? Ask yourself, “Why is my boss asking for W2 information?” The following are five useful tips on avoiding email fraud:
- Beware of requests for payment, transfer, or updating bank information (alarms should sound in your head if you see any of these).
- Check the sending email address – is it really from the owner or your Aunt Sally?
- Call the sender, but not by using telephone numbers in the email.
- Do not click links – hover over any link to view the destination.
- Scan attachments with antivirus software.
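For whoever manages your mail system, the checks above can also be scripted as a first-pass filter. The following is an added example, not part of the original article: it flags the urgency wording, payment or data requests, a known name on an unfamiliar address, and links whose visible text names a different site than the real destination. The `KNOWN` directory, the flag labels, and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

CHECKS = (("urgency-wording", re.compile(r"\b(urgent|important|rush)\b", re.I)),
          ("payment-or-data-request", re.compile(r"\b(payment|transfer|bank|w-?2)\b", re.I)))
URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)  # link text that looks like a URL

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):
    return urlparse(url if "://" in url else "//" + url).hostname

def triage(raw, known_people):
    """Return warning flags for one raw, single-part email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}"
    flags = [label for label, rx in CHECKS if rx.search(text)]
    name, addr = parseaddr(msg.get("From", ""))
    if name in known_people and addr.lower() != known_people[name]:
        flags.append("sender-name-address-mismatch")  # familiar name, unfamiliar address
    parser = LinkCollector()
    parser.feed(body)
    if any(URLISH.match(t) and host(t) != host(h) for h, t in parser.links):
        flags.append("link-text-destination-mismatch")  # what "hovering" would reveal
    return flags

# Constructed sample: the owner's display name on a look-alike address.
KNOWN = {"Pat Owner": "pat.owner@example.com"}  # hypothetical staff directory
SAMPLE = ('From: "Pat Owner" <pat.owner@examp1e.test>\nSubject: URGENT: update bank information\n'
          'Content-Type: text/html\n\n<p>Dear Tom: please confirm the transfer today.</p>'
          '<a href="http://payroll.example.net.login.test/">https://payroll.example.net</a>')
```

A flagged message still needs a person to look at it and, as the tips say, a phone call to the real sender; the script does not replace antivirus scanning of attachments.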
One other thing to keep in mind is that the frantic pace of your business could very well lead to an environment where employees ignore some of the obvious signs of fraudulent email. This could lead to employees carelessly sending out employee data, company bank account information, or sensitive client information. The simple task of reviewing an email a second and third time could save your business thousands of dollars in losses.
So, we will end this where we began: a few simple steps of training are the start to defrauding the fraudster. We offered some ideas here, but there are many more resources available online. A search for keywords such as “email scams” and “social engineering” returns many quality articles and videos.
In the meantime, please stay safe out there!