Phishing may seem like an outdated buzzword. In reality, phishing scam alerts abound in the small business world. According to smallbiztrends.com, in 2016, small businesses were the targets in 43% of all phishing scams, and that number has risen significantly from just five years ago.
What is a phishing scam?
Also referred to as spear-phishing, small business phishing scams are typically generated via email. Small businesses are easy targets because there are typically fewer – if any – security measures in place and small business owners don’t have time to educate and train key personnel the way they should regarding potential scam risks.
In most cases, cyber criminals are after money – and they’ll get it by targeting those in charge of billing and payroll – and/or by finding ways to hack into your company’s database so they can steal vital information about clients, prospects, customers and other sensitive contacts. As you can imagine, the costs associated with a successful phishing expedition can be detrimental to your business financially, and can do significant – if not devastating – damage to your company’s hard-earned reputation.
Like the “real world” crime spectrum, phishing scams range from the very small to the very large. Examples include:
Solicitors that convince you to purchase ad space, a directory listing, inbound links for SEO benefits, etc., and then take your money and run.
Being sent a check or money order with overpayment, then being asked to re-pay the overpayment via check – with the difference becoming pure cash for a “customer” who never existed.
Stealing your identity – or your business’s identity – to establish lines of credit, open credit cards and/or obtain cash advances in your name.
Requesting donations from fake charities – you think it’s a generous tax deduction, and they wind up with cash. It’s two strikes for you.
Receiving a fake email from a company you trust (such as this recent Intuit/QuickBooks scam that generated an alert on the BBB website). If you click “cancel” or “submit”, your computer is loaded with malware and/or viruses used to capture password-sensitive information on your computer. This can leave you and all of your customers/clients open to identity theft.
Fortunately, a little education and training are the only things required to keep yourself, your employees and your small business from becoming victims of this vicious style of cybercrime.
Steps For Creating a Phishing-Proof Business
Here are some of the steps you can take to protect your small business from phishing and other cyber-based crimes.
Consult with an IT firm
IT specialists are instrumental in medium to large businesses but they are underused by most small businesses. When you start out as a one- or two-person business, it’s easy to add a few more computers to the small network without thinking anything of it. However, every computer – and employee – connected to the internet at work presents another potential vulnerability.
Do consult with an IT firm to discuss the simplest and most affordable way to protect your business and its workstations from cyber criminals.
Educate and train your employees
Make sure each and every employee goes through some sort of training or briefing about cybercrime and its risks. Share the most common methods used by phishing scammers with them, and make it a point to remind and update employees by sharing industry-wide alerts as you receive them.
Learn to smell a phish
In our fast-paced work day, it’s easy to overlook the very obvious signs of a scam, which can be extremely frustrating if you wind up becoming a victim. Here are some of the ways to smell a phish, preventing you from taking the bait:
Always scan the reply address on a “take action” email. If you receive an email – especially an alarming, unusual or “act now!” instruction or request – pay close attention to the reply email address. If the domain is one you recognize, call the company anyway and ask a representative to verify the message before taking action. Often a small reversal of letters, a companyname.somethingunusual.com, or a “.net” rather than a “.com” will clue you in that something is amiss.
Think about the method of communication. Do you typically communicate via email? Victims of online scams often look back and reflect that while they typically talked to the entity in person or via Facebook, they had a knee-jerk reaction to the unusual email.
Use your gut. If a deal seems too good to be true, never jump on it. 99% of the time it is too good to be true. You can use your private investigative skills to dig deeper and get reassurance and/or proof for the remaining 1% of the time.
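The reply-address check described above can also be automated for incoming mail. The following is an added example, not part of the original article: the allow-list, the sample message and the function names are constructed for illustration, and the domain split is a simplification that ignores suffixes such as co.uk.

```python
from email import message_from_string
from email.utils import parseaddr

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_domain(domain, trusted):
    """Compare one sender domain with the domains the business really deals with."""
    labels = domain.lower().rstrip(".").split(".")
    registrable = ".".join(labels[-2:])  # assumption: naive, ignores suffixes like co.uk
    if registrable in trusted:
        return "trusted"
    for good in trusted:
        name = good.split(".")[0]
        if labels[-2:-1] == [name]:
            return "tld-swap"            # e.g. ".net" where ".com" is expected
        if name in labels[:-2]:
            return "brand-as-subdomain"  # companyname.somethingunusual.com
        if osa_distance(registrable, good) <= 2:
            return "lookalike"           # reversed or altered letters
    return "unknown"

def review_message(raw, trusted):
    """Return (header, domain, verdict) for the From and Reply-To of one message."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        address = parseaddr(msg.get(header, ""))[1]
        if "@" in address:
            domain = address.rsplit("@", 1)[1]
            findings.append((header, domain, classify_domain(domain, trusted)))
    return findings

TRUSTED = {"companyname.com"}  # constructed allow-list of domains you do business with
SAMPLE = """\
From: "CompanyName Billing" <billing@companyname.com>
Reply-To: accounts@companyname.somethingunusual.com
Subject: Act now! Your account will be suspended
"""
print(review_message(SAMPLE, TRUSTED))
```

Any verdict other than "trusted" on the Reply-To line is a reason to call the company before acting, even when the From line looks familiar.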
Are you interested in learning more about how to protect your small business from scams – cyber or otherwise? Contact us here at Zap Payroll. Even a single consultation can provide what you need to know to protect your small business and set up effective employee training sessions.