We’ve all heard horror stories of businesses getting hacked and customers getting their personal information stolen. Chances are you’ve also heard the story of the Google Docs phishing scam that tricked people into allowing hackers access to their accounts and contacts. Online scams and hacks don’t just affect personal email accounts – businesses are susceptible, too. One online scam you need to be aware of is called phishing.
No, it has nothing to do with fish. But you’ll see the reason for the name in a moment.
Anyways, we’ll explain what phishing is and how to keep your business safe from it.
What is phishing?
Phishing is pretty diabolical. A hacker pretends that they’re a reputable entity, such as your bank, and tricks people into giving up their personal information (passwords, credit card numbers, Social Security numbers, or business information). They try to get you to give them access to things they shouldn’t have access to. There’s even a type of phishing called spear phishing in which the hacker specifically targets their victim by impersonating someone they know.
Anyways, if your business gets caught up in a phishing scam, the results could be disastrous. If one of your employees gets phished, the hacker could grab your business financial information, customer personal information, or sensitive business documents. A breach could mean lost business, a tarnished reputation, lost income, and legal nightmares. Even more unnerving is that the breach could go unnoticed, meaning that the damage carries on.
But enough doom and gloom. The good news is that there are ways to prevent phishing.
How to prevent being phished
1. Talk to your employees about email security.
It’s important that everyone knows not to send personal or financial information using email. You don’t want someone to respond to a fake email with sensitive information. Besides, emails can be hacked.
2. Raise your eyebrows at emails requesting personal information.
Legitimate organizations like banks or government agencies won’t ask for sensitive information by email. They have more secure ways of contacting people. And remember what we said about spear phishing. Even if you “know” the person who sent you the email, don’t send your business or personal information to them. Their account may have been hacked or someone could be pretending to be them. Give the person a call if they absolutely need personal information…and if they act really confused, break the news gently that they may have been hacked.
3. Take note of poor grammar, typos, and dire threats.
Think about it:
Would a bank or another reputable, distinguished organization ever send an email to you, the client, with typos and poor grammar? Probably not. Similarly, these organizations wouldn’t resort to threatening to shut down your account, for example, if you don’t verify your information or take another action. They just don’t do that sort of thing.
4. Monitor your business’s bank statements and finances.
Keep tabs on your financial information and bank statements and look out for anything unusual. It’s best to catch problems early and get in touch with the bank ASAP if something doesn’t seem right.
5. Don’t let your cybersecurity get lax.
Be sure to keep your firewalls and anti-virus software current. New threats appear all the time, and hackers are pros at using the weaknesses in security to muscle their way in. Keep your cybersecurity updated.
6. Caution your employees about social media.
Hackers know how to use social media, too. Unfortunately, they oftentimes use it to gather intel so that they can raise their chances of successfully tailoring their attack to their victim. Social media has its good points, but it’s crucial to be careful while using it.
7. If there’s a link, don’t click.
If you get an email that seems suspicious, don’t click on any links or open any attachments that might be included, especially if you don’t recognize the source. When in doubt, don’t click. Delete the email and clear your Junk folder – don’t let that thing sit around on your computer. The same goes for any spam message you receive.
8. Tell your employees how to recognize secure sites.
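If you ever have to send sensitive information online, make sure that the website is secure. You’ll see https:// in the URL. You can also verify the security certificate by clicking on the lock icon. Keep in mind that https:// and the lock only show that the connection is encrypted, not that the site is who it claims to be, so check that the domain name in the address bar is the one you expect.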
9. Go with your gut.
When an email makes you feel skeptical, it’s probably not legitimate. Follow your instincts. Don’t mess with anything that gives you weird vibes.
10. Consider cyber liability insurance.
You may want to think about cyber liability insurance for your business. Cyber insurance was created to fill in the technology-related gaps (for example, lost income from a data breach) left by general liability insurance. If you store your clients’ personal information and depend on your computers, you may want to ask your agent about cyber insurance when you’re deciding what types of insurance your business needs.
So, those are the basics of phishing and how to prevent your business from falling prey to it. Don’t let your business be a victim of a phishing attack that could hurt you.
If you want to save money on your business insurance, we would be happy to help with that. We can help you shop for the best insurance at the best rate, and we’ll take the time to understand your business and the risks you face so that we can help you create a customized insurance plan. All you have to do to get started with business insurance quotes is fill out our online form or give us a call today.