FSB offers its members a wide range of vital business services, but in today’s climate, when it comes to cyber risk, it is more important than ever for FSB to offer members relevant advice and support.
Phishing attacks are one of the most common methods used to breach organisations. All businesses, regardless of their size, will store information that is of value to cyber criminals, therefore putting you, as a business owner, at risk.
This blog aims to explain what to look out for, and what to do to prevent falling victim to a phishing scam.
Phishing is a method used by cyber criminals to access valuable information, such as usernames and passwords or account details. Senders will typically ask users to click a link to a website designed to harvest credentials, or open an attachment – which is usually malware – that can infect devices.
Phishing emails can be sent out at random to millions of people, or bespoke versions could be made to target specific people.
Spear phishing requires a lot more research on the part of the cyber criminal. It involves them acting as a trusted sender, for example as one of your clients or suppliers, in order to get the recipient to divulge confidential information or to facilitate transfers of funds to them. You and your employees are far more likely to send such information, or process payments, to someone that you trust.
The most important question to ask yourself when taking note of a new addition to your inbox is: was I expecting this email? If the answer is no, then think before you click.
Cyber criminals can disguise their address to fool you into thinking they’ve sent their message from an official domain. Hover over the sender’s display name to see what the address actually is.
Read the email carefully. Emails from official organisations are usually proofread several times before they are sent and rarely contain typos or grammatical errors. If you see any errors, it’s likely that you’re being phished.
Does the email have attachments? If so, don’t download anything or fill in any forms, especially in emails that claim to be from a bank. It’s worth remembering that most large organisations will never ask for personal or sensitive information over email.
Reputable organisations will also never send links to their login pages. If you’re asked, via email, to log in to a service, then open your browser and navigate to the website manually rather than use any provided links.
While phishing attacks are now more prevalent than ever, there are plenty of ways you can reduce your organisation’s risk and potential exposure to attack.
Education is key
User education is vital. If you’re not currently doing something to raise user awareness of phishing attacks, consider it. Employees who don’t know how to spot a phishing attempt could put your organisation at serious risk.
Scan the waters
If your business employs multiple staff, it may be worth investing in an email monitoring service to scan all inbound links and attachments and quarantine suspicious emails before they reach their intended target.
Install and regularly update virus protection across all of your organisation’s devices, including computers, tablets and mobile phones.
Patch it up
Always patch software when new updates become available. Ideally, all software across all devices should be set to update automatically.
Micro-manage your passwords
Using the same or similar passwords across a range of services can make it easy for hackers to access all of your accounts following a single breach. Consider implementing a password manager, such as KeePass or LastPass, and create strong and varied passwords (using a mixture of letters, numbers and symbols) for each individual account.
If you’re unfortunate enough to have been fooled by a phishing attempt, remember, you’re not the only one. It is important that you identify what information has been stolen or if a virus has been installed as soon as possible. If you’ve given out personal information, such as banking information or credit card details, contact the relevant companies immediately and let them know what has happened.
As an FSB Business Essentials member you will have access to the cyber advice line. The 24/7 phone line is manned by cyber security experts from NCC Group. When you contact the helpline directly, they will be able to provide you with the support and advice required if your business has been breached. FSB also provides a limited insurance plan designed to support and protect your business at no extra cost.
You can also contact ActionFraud, the UK’s national fraud and cyber crime reporting centre. It provides a central point of contact for information about fraud and cyber crime and can help you report fraud if you’ve fallen victim.
FSB Cyber Protection includes an insurance policy with cover of up to £10,000 and an unlimited-use helpline to answer all your cyber security questions.