The vast majority of data breaches today are phishing attacks, occurring when a cybercriminal casts a broad net in the hopes of catching a small percentage of unsuspecting victims. In our last blog post, It’s Only Getting Worse, we describe both phishing and spear phishing tactics and why it is imperative for businesses to take precautions to protect themselves.
Small and midsize businesses are not immune to these threats. According to Verizon’s 2019 Data Breach Investigations Report, 43% of all cyberattacks involved small businesses. Here are 5 ways you can protect your firm from a potential threat:
- Antivirus software and firewalls. Your firm should employ both firewalls and antivirus software to prevent malicious files from getting through and executing. Every file that comes through will be scanned. It is important to ensure these are updated regularly.
- Update your software. Most phishing attacks exploit software vulnerabilities. These vulnerabilities are often uncovered and addressed in more recent versions and updates. Maintaining up-to-date software is an effective way to secure your firm against cybercriminals.
- Educate your employees. The people working on your firm’s network are the greatest threat to your firm’s security. Important points to educate your workforce include:
  - Check the sender. Before clicking on an email link, make sure the sender name matches the address in the From field. Keep a lookout for addresses that look similar to a trusted person or organization, such as G0ogle or Wa1mart. Also, be wary of ‘Dear Customer’ or anything impersonal, particularly when it is a company that you already have a relationship with.
  - Hover, don’t click. Do not click on any links in the email. Instead, use your mouse to hover over any links in the email to see the full destination URL. If the URLs are all the same, or you cannot see a trusted website destination, it may be a phishing email.
  - Never provide your password. Generally, it is never a good idea to share sensitive or personal information over the Internet. A legitimate company, bank, or other institution will never ask for your password in an email.
  - Delete or check with IT. When in doubt, either check with your IT department or IT partner or simply delete the email. If you believe you know the company, just call them at a phone number you verify separately. For example, if you receive a suspicious email from your credit card company, call the number on the back of your card to verify it.
- Test your employees. Education is only as good as your employees implementing what they’ve learned. Testing must occur several times a year to ensure that employees are alert and to determine what additional education is needed.
- Enable 2 Factor Authentication (2FA). 2FA requires a username and password plus one other method of authentication, like answering a question or inputting a token, to confirm the user’s identity. This is key because if a password is stolen, the second factor will prevent criminal access to secure data.
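The "Check the sender" advice above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the original post: the `TRUSTED` list, the `LOOKALIKES` map and the `check_sender` function are hypothetical names, and the sample addresses are constructed.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand label -> domain the firm trusts.
TRUSTED = {"google": "google.com", "walmart": "walmart.com"}

# Digit-for-letter swaps of the kind the post mentions (G0ogle, Wa1mart).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def check_sender(from_header):
    """Return a list of warnings for one From header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["no parsable sender address"]
    domain = address.rpartition("@")[2].lower()
    labels = domain.split(".")
    warnings = []
    for brand, real_domain in TRUSTED.items():
        if domain == real_domain or domain.endswith("." + real_domain):
            continue  # the trusted domain itself, or a subdomain of it
        # A label reads as the brand once the character swaps are undone,
        # but the domain is not the one on the allow-list.
        if any(label.translate(LOOKALIKES) == brand for label in labels):
            warnings.append(f"{domain} imitates {real_domain}")
        # The display name claims the brand while the address is elsewhere.
        if brand in display.lower().translate(LOOKALIKES):
            warnings.append(f"display name claims {brand}, address is at {domain}")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed From headers
        "Google Support <support@g0ogle.com>",
        "Walmart Billing <billing@mail.example.net>",
        "orders@wa1mart.com",
        "Alice <alice@google.com>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "ok")
```

A check like this only covers the brands on the allow-list and simple character swaps, so it supplements employee training rather than replacing it.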
While this is not an exhaustive list, it does provide a solid foundation for any company to evaluate its cybersecurity practices and ensure that its people and technology are set up to protect the firm.
Because of the constantly evolving threat landscape, Tabush Group recently launched a comprehensive service to protect both your systems and your users. Our Premium Defense Service offers additional security to anticipate and prevent cyberattacks. For more information, send us a message or call 212.252.0571.