
5 Easy Ways to Protect Your Small Business from Phishing Attacks

January 31, 2018 by Stephen Moramarco

Your business is vulnerable to phishing attacks, no matter what size it is. According to the 2016 State of SMB Security Report, half of the 28 million small businesses in the US have been breached; most of these attacks begin with an email that has a malicious link or attachment.

One of the most notorious examples last year was a scam that sent a phony “shipping information” email to 3,000 small businesses. Pretending to be from UPS, the email had a link that claimed to be tracking information; instead, it contained malware that infected many computers.


A small business likely doesn’t have an IT department or a big budget, and it can be difficult to figure out exactly what to do about phishing vulnerabilities. Don’t worry; we’ve taken care of that for you with this list of 5 ways to protect your small business from phishing attacks.

Via techworm.com

  1. Install a good antivirus program and spam filter. It’s a very simple step that many businesses forget, but these tools are essential to catching phishing emails and malware before they end up in an inbox. Popular spam filters include SpamAssassin and SPAMfighter Pro; antivirus software includes Avast, Norton, and Symantec. Do a little comparison shopping and find the one with the most features, best reviews, and competitive price.

This is a fake updater, via malwaretips.com

  2. Update all your software. It’s also very important to make sure every computer you are using has the latest version of all software, including Internet browsers. Many worms and other types of malware exploit vulnerabilities that the new updates fix. However, you need to be aware of fake update warnings, which are actually cleverly disguised malware. Therefore, if there’s an option to update the software automatically, do it.
  3. Purchase cyber insurance. Regular business insurance rarely covers cyber attacks. If (when?) your company falls victim to a successful phishing attack, there are potential damages that can put you out of business. In fact, Symantec reports that 60% of businesses go under within six months of a breach. Therefore, it makes sense to shop around for a good policy that can help with recovery.
  4. Educate your employees. Many people simply aren’t aware of the true dangers or think that, because the business is small, it’s not vulnerable. The best way to educate them is to create an educational program, or use an existing one, that teaches how to identify suspicious emails and avoid clicking on them, along with other important security tips.
  5. Drill, drill, drill. An often overlooked component of anti-phishing security is real-world testing. This involves creating and sending phony “phishing” emails to unsuspecting staff. These emails should run the gamut of typical tactics - asking for a password reset, requesting a money transfer, or even offering “free pizza.” If someone clicks the link, however, instead of being phished they are taken to a landing page informing them of their error.

    A screenshot of a sample landing page

    If you’d like to take care of Numbers 4 and 5 in one fell swoop, join InfoSec Institute’s award-winning SecurityIQ platform. One part of it is called AwareEd, which consists of customizable education modules that include videos and quizzes. The other area is called PhishSim, which contains a phishing simulator, as described above.

    Both AwareEd and PhishSim are completely automated. You import the contacts, create or choose the modules or templates, and SecurityIQ takes it from there. All activity can be remotely analyzed and monitored in the dashboard.

    There are many more features that make SecurityIQ essential for any small business serious about security. Right now, we are offering a free 30-day trial of the Premium account which includes unlimited emails and learners. Join today!


    Stephen Moramarco

    Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.