Small businesses today have a lot more to worry about than they did twenty, or even ten years ago. Threats have grown so sophisticated that it can be difficult to gauge just how vulnerable your organization is to them. It’s especially important that your organization protects itself from the dangers that lurk within emails, tucked behind thinly-veiled schemes and honeyed words.
Here are some of the most dangerous threats that your small business can encounter through email:
- Phishing scams: Spam often comes filled to the brim with malicious links, infected attachments, or requests for personal information. If you’re not careful (and if the message is particularly convincing), even the best employee might find themselves fooled by one.
- Ransomware: Ransomware has been a major problem over the past few years, and it continues to plague organizations and grow more powerful as time progresses. Ransomware is most commonly spread through spam messages in infected attachments, and once downloaded, it encrypts files located on the victim’s workstation. Ransomware is difficult--if not completely impossible--to remove, so preventing infections proactively is your best chance to fight against it.
- Keyloggers: Ransomware has no problem being overt about its intentions, but keyloggers are often more nefarious and will act in the background, away from prying eyes. Keyloggers can track your workstation’s keystrokes and send them remotely to a hacker, who analyzes the data gathered for any sensitive information. This can include passwords, Social Security numbers, financial data, and other credentials that could cause even bigger problems.
Small businesses are afforded some semblance of peace of mind, thanks to security solutions like Unified Threat Management and Remote Monitoring and Management software. But in order to ward off more sophisticated threats, you need to take more drastic measures. This is precisely because modern sophisticated threats try their best to be completely undetectable, often until it’s far too late to do anything about them. Therefore, you can’t just rely on your software to protect you, as software can be fooled more easily than you think.
While software is great for spam protection, content filtering, and antivirus, keep in mind that these are all automated solutions that will only protect against more basic, predictable threats. Your software may have a harder time identifying more focused attacks that are designed specifically not to be detected. This means that you’ll need a solution for the threats that do manage to slip through your defenses.
Directive recommends educating your employees about the following security practices. By doing so, you can effectively augment your security solutions and minimize the chance that you’ll fall victim to attacks that do manage to sneak past your defenses.
- Don’t blindly trust emails, even if you know the sender. It’s surprisingly easy to spoof email addresses, so even if you think that an email, SMS, or instant message is from someone you know, be sure to pay attention to what the message requests. If it’s beyond reason or suspicious, report it to IT and don’t respond to it.
- Make sure links are valid and secure before clicking on them. Scammers might include links to malicious websites designed to harvest credentials. In fact, some might even replicate notable organizations’ websites (like that of your bank) to convince you that they are legitimate. Other links might just direct you to downloads of viruses or malware, so be sure to hover over them and see where they go before clicking on them.
- Avoid questionable attachments. If you’re receiving unsolicited attachments--perhaps resumes of someone “looking for a job” or receipts for things you’ve supposedly purchased--be wary of downloading them. They might contain viruses or malware that could cause trouble for you.
- Watch out for messages that demand immediate action. You’ve seen them before: spam messages that claim you’ve won the lottery and you need to claim your prize. While these are quite obviously fake, other messages that demand action could also be fraudulent. A particularly nasty method of soliciting action from the victim is through the use of whaling scams, in which the user receives a message from the “CEO” asking for an immediate wire transfer of funds.
- Keep your personal devices updated. This includes the operating systems and all applications installed on them. Patches are issued to resolve security flaws, so make sure that your employees know that they are there to protect not just your organization’s assets, but also your employees’ personal information.
- Learn how to identify secure websites. Your employees should be able to identify when it is prudent to trust websites with sensitive information. Some phishing websites might try to replicate others and convince users to input sensitive information in forms. Look for the HTTPS in a website’s URL before plugging in any data that could be considered sensitive. HTTPS only shows that the connection is encrypted, so also check that the domain is the one you expect.
- Just be careful. Discretion goes a long way in regard to cybersecurity, so be sure to tell your employees to take everything with a grain of salt. Most threats can be identified with just a little bit of common sense.
In today’s day and age of cybersecurity, be sure to scrutinize everything and trust no one. What’s the wildest phishing email or spam message that your organization has received? Let us know in the comments, and be sure to subscribe to our blog.