Securing your company’s information isn’t optional anymore; it’s a necessity for any business interested in remaining relevant in an evolving commercial landscape. Last year saw a large increase in scams, hacks and breaches, prompting many businesses to rethink their access control policies and security measures. In many small- to medium-sized businesses, however, the winds of change simply haven’t been felt for various reasons. In this article, I’ll discuss three relatively easy steps you can take toward improving your company’s security posture.
Regardless of your company’s size, client information is very attractive to hackers and data thieves who’d love to sell that information and make a small fortune. You may think your company is boring or uninteresting, but professional scams often gather data for months from a variety of sources before starting, usually targeting “low-hanging fruit” like small or mid-sized businesses that usually leave their company’s information unguarded. Customer loss, profit declines and reparative PR efforts are all real consequences that companies of all sizes have had to face in recent years due to lazy security policies regarding company data. It’s obviously best to keep your business as far from a mess as possible and implementing security measures increases that distance.
As business owners, we are driven by email, answering and replying to emails so we can have another task completed. Since we’re likely to delete or ignore emails from all unrecognized names, scam artists will pose as a trusted contact (like your bank) and ask you to install software or open a suspicious link. Any such action in these scenarios usually results in your files being held hostage or a harmful virus installed on your computer. To prevent this from happening, here are some tips that may help you without interrupting your workflow.
Pause before clicking on any link in an email. Hackers use links to redirect you to a clever lookalike of a site you trust or to download a file in the background. While emails often list a URL in the email, you can put your mouse on the link without clicking on it to see the real link. Before clicking on the link, make sure it matches what’s communicated in the email. For example, if the email claims to be from Trusted Company and the URL that’s provided doesn’t end with @trustedcompany.com, think twice about clicking on it.
Be cautious of any email that tells you to act immediately without any prior communication. In most cases, reputable companies and government agencies will provide you with notices far in advance of any negative action being taken on your account with them. Because the hacker’s goal with urgent-sounding emails is to persuade you to act without thinking, slowing down and pausing on a suspicious email can help you prevent an embarrassing situation for your company.
For emails requesting information from or about you, make sure you understand why they need the information. Trustworthy companies clearly communicate their reasons for all information requests, usually directing you to log into your account outside of the email (not from a link inside the email). It’s always best if you are suspicious of information in a particular email, to close the email and look up the company’s site or contact information online and verify the email’s contents with them.
If you didn’t start the conversation or are not expecting the email, be on guard. Typically, in these emails, scammers will request money from you to cover “expenses” or to fund a cause. Donations to worthy causes are always a good thing — as long as they actually are “worthy causes.” If you weren’t expecting the email, it’s worth paying attention to the reason they want to offer “login assistance.”
Though it takes a moment, taking time to detect a phishing email will benefit your business in the end. The days of blindly clicking on the links in all incoming emails are over and implementing good email habits will help you safeguard your company against phishes.
Editor’s note: This article originally published in the Fresno Business Journal.
