Prepare your employees for phishing schemes aplenty

Malignant, malevolent, and of course malicious -- they’re all bad words, and the prefix is what tells us so! The same goes for “malware,” a term derived from mal- and software that covers many of the attacks criminals aim at your business.

Malware includes things you’ve most likely heard of, such as trojans, worms, and viruses, which hackers use to infiltrate and contaminate our computers. But there’s also an assortment of destructive cyberattacks that don’t involve malware doing damage from within.

Some attacks do damage from without. Denial-of-Service Attacks can incapacitate your network with an overwhelming flow of Internet traffic; Password Attacks can give intruders keys to the locks on all of your systems; and Phishing Attacks -- probably the most common type of attack -- can trick your employees into giving away personal information, or company information!

Phishing Fundamentals

Cybercriminals use a variety of different phishing methods to scam people. Deceptive Phishing involves impersonating well-known companies to fool you; Spear Phishing involves sending you highly-personalized emails that look like they’re from someone you trust; and Pharming involves not baiting you at all, but rather redirecting you to phony websites.

What these three types of phishing have in common is they all prey on unsuspecting users. It’s not hard to imagine one of your office workers absentmindedly opening an email and clicking a harmless-looking link, or entering their username and password on a fake website if it looks legitimate. Can you imagine the implications this has for cryptocurrency novices?

Another thing these scams have in common is the fact that your unsuspecting users can’t be so easily exploited if they’re not unsuspecting. In other words, a little bit of cybersecurity education can go a long way toward solving problems, circular-sounding sentences notwithstanding.

Protecting Your Business

Any good cybersecurity program will include employee training and clearly defined best practices. Basically, you have to teach your people what to look out for and make sure they know they’re partly responsible for keeping your company’s sensitive information safe.

As pertains to phishing scams, there are five important points that small-business owners must convey to their workers to ensure everyone’s doing their part:

  1. Beware of Urgent Emails - Employees must be on the lookout at all times for scare tactics imploring them to act immediately. If they’re ever threatened with a fine, penalty, or account shut down, they’re probably being phished.
  2. Scrutinize Headers and Signatures - The “From” email address may say “@apple.com” but that doesn’t mean it’s from Apple, and even if there’s a professional-looking sign-off at the end of the message, it doesn’t mean you’re dealing with a real company.
  3. Hover Over Short Links - Cybercriminals often send out shortened URLs to make their phony links seem more authentic. Users should always hover over a shortened link to make sure it will actually send them where it purports to send them.
  4. Click Things Cautiously - It may sound simple, but Charles IT makes a point of reminding staff to slow down and scrutinize emails if they seem even the least bit suspicious. The “look but don’t click” approach to shortened URLs really applies to everything nowadays.
  5. Browse With Care - URLs starting with https:// and displaying the padlock icon and the word “Secure” mean the site encrypts any communication users have with it. Make sure employees look for those, especially when submitting sensitive data. Keep in mind that the padlock only tells you the connection is encrypted, not that the site itself is legitimate.
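
Points 1, 2, 3 and 5 of the list above can also be checked mechanically when a suspicious message is reported. The script below is an added example, not code from the original article; the keyword list, shortener hosts, sample message and function names are all constructed for illustration, and its output is a set of hints for a human reviewer, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed lists for illustration; tune them for your own mail flow.
URGENT_WORDS = ("immediately", "urgent", "fine", "penalty", "suspended", "shut down")
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    # Collect every text/plain part (works for single-part and multipart mail).
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENT_WORDS if re.search(rf"\b{re.escape(w)}\b", text)]
    flags = ["urgent language: " + ", ".join(hits)] if hits else []
    from_dom = domain_of(msg.get("From"))
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:  # replies or bounces go elsewhere
            flags.append(f"{header} domain {other} differs from From domain {from_dom}")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        parts = urlparse(url)
        if parts.hostname in SHORTENER_HOSTS:
            flags.append(f"shortened link hides destination: {url}")
        if parts.scheme != "https":
            flags.append(f"link is not https: {url}")
    return flags

# Constructed sample message: claims to be from apple.com, replies go elsewhere.
SAMPLE = """\
From: Apple Support <support@apple.com>
Reply-To: billing@example.net
Return-Path: <bounce@example.net>
Subject: Urgent: account will be shut down

Pay the penalty immediately at http://bit.ly/xyz123 to avoid a fine.
"""

if __name__ == "__main__":
    for flag in triage(SAMPLE):
        print("WARN", flag)
```

A message that raises no flags is not thereby safe: the “From” address can be forged, which is why point 2 tells employees not to trust it on its own.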

After a Phishing Attack

Unfortunately, no amount of cybersecurity education can 100% prevent your company from falling victim to a scam. So if you ever suspect you’ve been compromised -- by deceptive phishing, spear phishing, pharming, or any of the other methods available to cybercriminals -- you need to take care of a few things right away.

First, take the device that was used during the phishing off the Internet. Then, start a scan on it and any systems to which it was connected. Next, contact any financial institutions where you think your accounts may be at risk of being plundered. And finally, change your login credentials at those institutions’ websites.

If you’re a small-business owner who isn’t sure you’d recognize the signs of having been phished, isn’t sure you have the resources needed to educate employees about online scams, or isn’t sure your overall cybersecurity program is truly comprehensive, call OnTech Networks today. We help companies reduce the chances of their people falling for phishing.