Cybercrime is an ever-present threat to modern businesses.
Without up-to-date and varied IT security measures, successful hacks can compromise your customers’ and employees’ sensitive data and harm your systems, resulting in costly downtime, and worse.
Email is the primary tool that companies like yours use for daily communications in the modern business world. It’s simple, it’s easy, and it’s effective, but it’s also the main source of malware and spam that could threaten your business. If you’re not careful, your email could be the key for cybercriminals that are trying to exploit you:
- Viruses and malware disguised as regular attachments from familiar sources.
- Phishing schemes from cybercriminals posing as familiar companies and contacts in an attempt to convince employees to give up sensitive information.
- Spam and junk email clogging up your inbox and blocking real, important emails from your clients and partners.
So what can you do? One of the surest ways to protect your business from a range of threats is to learn about them!
No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an e-mail sent by a cybercriminal. Some spam is obvious, but others are VERY cleverly designed to sneak past all the filters and trick the recipient into opening the door. Known as a “phishing” e-mail, this still is the #1 way hackers circumvent firewalls, filters and antivirus, so it’s critical that you and your employees know how to spot a threatening e-mail. Here are four types of e-mail ploys you should be on high alert for.
The Authority E-mail. The most common phishing e-mails are ones impersonating your bank, the IRS or some authority figure. The rule of thumb is this: ANY e-mail that comes in where 1) you don’t PERSONALLY know the sender, including e-mails from the IRS, Microsoft or your “bank,” and 2) asks you to “verify” your account should be deleted. Remember, ANY important notification will be sent via old-fashioned snail mail. If it’s important, they can call you.
The “Account Verification” E-mail. Any e-mail that asks you to verify your password, bank information or login credentials, OR to update your account information, should be ignored. No legitimate vendor sends e-mails asking for this; they will simply ask you upon logging in to update or verify your information if that’s necessary.
The Typo E-mail. Another big warning sign is typos. E-mails coming from overseas (which is where most of these attacks come from) are written by people who do not speak or write English well. Therefore, if there are obvious typos or grammar mistakes, delete it.
The Zip File, PDF Or Invoice Attachment. Unless you specifically KNOW the sender of an e-mail, never, ever open an attachment. That includes PDFs, zip files, music and video files and anything referencing an unpaid invoice or accounting file (many hackers use this to get people in accounting departments to open e-mails). Of course, ANY file can carry a virus, so better to delete it than be sorry.
The good news is that there are many steps a small business owner like yourself can take to secure their business’ IT. Some of the most effective ways to combat security breaches are simple tasks that you can perform without having to hire a security expert.
Keep the following in mind:
- Keep Link Clicking to a Minimum: Clicking on links that appear in random emails just isn’t safe. Hyperlinks are commonly used to lead unsuspecting employees to phishing and malware websites. Be sure to only click links when they’re from a confirmed, expected source, and when they aren’t part of a sales pitch, or an attempt to get information from you.
- Manage A Safe Sender’s List: No matter how new, or costly, or flashy your current spam filter is, it won’t keep unwanted spam out of your inbox forever. Whenever you see that a spammer’s email has made it past your filter, take a moment to block it so that it won’t happen again.
- Do Not Open Unsolicited Email Attachments: This is a crucial email security practice. Suspicious email attachments from unknown or untrustworthy senders are the most common source of malware, ransomware, and other digital threats. Even if it’s from a friend or colleague, consider the message they send along with it; is it worded properly? Does it sound like it’s from them? It’s always a smart move to call the sender or speak in person if possible to confirm that they sent the email. Otherwise, simply delete it until you can be sure of its authenticity.
- Diligently Scan for Viruses and Malware: Another way to double check a suspicious email is to run a malware and virus scan on it. Even though you may have to do so more often than is convenient, it’s always better to be safe than sorry.
To learn more about email fraud, and how to identify an incoming scam, download our Email Scam Cheat Sheet. It can help keep your business safe.