Did you know that the UK’s SMEs are on the receiving end of an average of 65,000 cyber attacks every day? Or that the average loss from a successful attack is £25,700 per business?
I was shocked when I read these statistics, published by insurers Hiscox. Perhaps the most worrying trend of all for me is the relentless growth in ever-more sophisticated phishing scams. Even IT experts and senior executives are being tricked by bogus emails designed to steal your personal info and login details, or get you to make a payment – or simply to corrupt your computers to disrupt your operations.
The bottom line is, while some scam emails are easy to spot, the majority look very, very convincing. If it looks like it’s from a trusted company, with branding to match, it could just as easily be from a cybercriminal.
And, as Hiscox and other surveys reveal, the consequences can be extremely serious. Your business bank account could be compromised. Confidential customer data stolen. Or even worse, your entire IT estate paralysed by ransomware. Make no mistake, phishing could kill your business.
The best defences are education and motivation. Share the problem with your employees and give them guidance; after all, failing to spot these emails could ultimately impact their job security. Helping them spot the dangers now could be the best thing you can do to protect your business.
“So how do I spot a bogus email?” I’m often asked. Here are six things that I would share immediately with everyone in your business. Beware of any emails that ask you to:
- make an immediate payment – don’t pay without speaking with the person to check the request is valid. Do not check via email!
- enter your ID and password – check with your IT support provider/department that this is a genuine requirement before entering anything you’re not 100% sure about
- start paying invoices into a new account – phone the requester to check it’s a genuine requirement
- click on a given link – check with your IT support provider/department that this is a genuine requirement
- download something onto your computer – don’t download anything unless you’re 100% sure of its content. If you’re not, check with whoever asked you to download it or check with your IT support provider
- respond because your account is under attack, or has been compromised or frozen – there is often no compromise and these emails are designed to create a panic response. Don’t! Check with your IT support provider that the alert is genuine before responding or clicking on anything
I treat everything as potentially suspicious – sadly that’s the mindset we all need to adopt. If you’re in any doubt, do not open or click on any link or divulge any personal or corporate information, without first contacting your IT team or support partner.
If you’re concerned about your business’s vulnerability to phishing attacks, email email@example.com, leave us a message here and we’ll get back to you, or call us on 03300 886116 for an informal and confidential chat.
Managing Director, The PC Support Group