SMB security: preventing phishing attempts

Phishing remains an ever-present risk to businesses. Here are three helpful tips to stop phishing attempts from derailing your SMB.

Whether it’s your SMB’s bank account or finance management app, money is mostly managed online these days. Technology has created a better framework to manage finances. However, it has also created vulnerabilities.

Every app and digital solution your SMB uses requires an email address or identifying information. This data is exposed to malicious actors if the app does not secure it well enough. While most apps do a great job with data security, we often neglect the most vulnerable portion of the security chain: ourselves.

Phishing is a disturbingly common way of stealing money these days, and it leverages our lack of knowledge and awareness. Phishing is much more than a malicious email in your employees’ inboxes. As technical security measures have become more advanced, attackers increasingly turn to social engineering instead.

Here are three ways you can protect your SMB from phishing and malware attacks and avoid exposing sensitive data.

Educate your employees

Education is the first step to combatting phishing. Malicious attackers rely on their victims lacking the knowledge to spot a suspicious email. For instance, employees might think the average phishing communication has poor spelling or a mistyped email address. While these forms of communication exist, they aren’t the only ones to worry about.

Attacks that impersonate banks or demand one-time passwords are far more common. For instance, an employee might visit a familiar-looking malicious website that they believe belongs to your SMB’s bank and call customer service. The person on the line might then ask your employee for an email address to send them password reset options.

Upon clicking the link in that email, your employee will either install spyware on their computer or enter their current password, giving the attacker a way to log in to the bank account. Phishing attacks usually begin long before a suspicious email lands in an inbox.

To combat this, read the data storage and communication policies of your bank and finance apps. Most banks and apps rarely ask for personal information over the phone or request one-time authentication passwords. As such, every email communication from these sources should be treated as suspicious.

If such an email is received, call or otherwise contact a designated person at the organisation it claims to come from, especially your bank, to verify the contents of the email. These measures will go a long way toward preventing a data breach.

Rethink your employees’ passwords

Passwords remain central to cybersecurity despite the many advances we’ve made over the past decade. In many ways, passwords are archaic, but most apps do not have a better solution. Therefore, your employees must review how they create and store passwords.

These days, people can use password managers to store and change passwords. However, some apps block this software from accessing them for security reasons. Thus, your employees will eventually have to store and remember some passwords themselves.

When creating passwords, the obvious step is to avoid including personal information like name, birthday, account information, or the word ‘password’ in them. Also, avoid using the same password across several accounts. Attackers who steal one password usually try it on associated accounts. Using a different password for each account will prevent the spread.

Ultimately, there is no fool-proof solution to protecting your employees’ passwords. If someone on your team is having trouble remembering their passwords or cannot devise a pattern, ask them to memorise the passwords or write them down on a piece of paper. This might seem callous, but it’s a decent solution.

For starters, cybercriminals cannot hack a piece of paper. However, your employee must secure this document from those around them, and this can create complications. One solution is to write passwords in a code or as abbreviations so that only your employee can understand them.

Note that while paper prevents software hacks, it does not guarantee safety. Your employee might lose the document or damage it by mistake. There is no ‘best’ solution here. Create a pattern that makes sense to your employee, avoid including personal information and store passwords in a code they understand.

Put together, these measures will prevent attackers from stealing sensitive information.

Use multi-factor authentication

Multi-factor authentication, or MFA, is a great way of reducing the odds of suffering a data breach. MFA is simple to set up and understand. The idea is to secure your employees’ accounts with more than just a password (another ‘factor’). This second factor is usually a one-time password delivered to their personal device via an app or a message.

MFA is tough for most attackers to breach because their odds of accessing both an employee’s password and temporary access code are low. However, MFA doesn’t eliminate all threats. As detailed in the first section, attackers can impersonate trusted sources to get your employees to divulge personal information.

Cybersecurity is essential

The practices listed in this article go a long way toward preventing breaches. However, there is no single fool-proof solution. Educate your staff and take steps to secure your SMB accounts.
