Every small business owner knows that computers, and email in particular, have become critical systems that businesses cannot function without. It is easy for business owners to assume their computer systems are safe from attack because it “won’t happen to my business”. Complacency is a dangerous option when it comes to SMB security.
High-profile attacks on large corporations get coverage, but hackers are increasingly targeting small and medium businesses
Over the past year, there have been numerous high-profile data breach cases involving major corporations. In the past year, compromised security at Sony, the global games company, gave criminals access to 20 million accounts, which included email addresses, phone numbers, passwords, and in some cases credit card numbers. It has been reported that some of this information is for sale in several cybercrime forums. Another high-profile attack, and possibly the biggest data breach in US history, was the Epsilon attack earlier this year.
Epsilon, a global provider of marketing services, had its IT system hacked, and the criminals gained access to the names and email addresses in its customer database, which included some of the world’s largest companies across a variety of sectors. This successful attack gave criminals access to large amounts of information about individuals in these companies, details which will allow them to target each company more specifically and more effectively.
This may give the impression that only large corporations are potential targets for hackers. The reality, however, is that hackers are increasingly targeting small and medium-sized businesses, knowing that they often lack the resources or technical knowledge that large corporations have.
Internet Crime unit inundated with complaints from small and medium-sized businesses
At SpamTitan we see countless scenarios where small businesses come to us after falling victim to threats similar to those suffered by these high-profile companies. Any medium-sized company that relies heavily on email to conduct business requires anti-spam and anti-phishing protection. Over 400,000 complaints were filed in 2011 with the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI. These complaints came from small and medium-sized businesses affected by online phishing scams and other Internet-related crimes.
How to protect your business against phishing attacks
The Anti-Phishing Working Group offers sound advice on safeguarding your business against phishing scams, along with useful information on how to avoid becoming a victim.
Some of their advice:
- Employees should never respond to spam email with confidential or sensitive information. A legitimate company will never ask for sensitive information via email.
- Make employees aware of what a spear phishing attack is and tell them to be on the lookout for anything in their inbox that looks suspicious. The best way to avoid your company becoming a victim of a spear phishing attack is to improve awareness of what’s happening before anyone loses any personal information.
- Never give out company financial information such as banking numbers in response to an email enquiry. Your bank does not need you to confirm your account information; they already have this information.
- Make sure your network is protected with up-to-date virus, anti-spam and malware protection. Ensure you update the software regularly and use a trusted and recommended solution.
A 2011 poll carried out by SpamTitan discovered that 70% of companies that believe their organisation had been a victim of a spear phishing attack are unsure that such attacks are reported to I.T. and dealt with appropriately. This lack of proactive measures to deal with the attacks can cost companies financially through the loss of data and system downtime. Educating employees about a range of security issues is an important step that many companies ignore. Yes, robust, powerful and updated security solutions are crucial, but this doesn’t mean that companies can afford to ignore the ‘softer’ behavioural issues associated with security. It only takes one employee opening the wrong email to give access to sensitive company data or bring a whole company’s IT systems to a halt.