Phishing attacks have become an epidemic in the business world. In fact, according to a recent study by SANS, they comprise 95% of all attacks on enterprise networks—at an average cost of $4 million in damages.
It’s no wonder more and more enterprises have instituted user awareness and anti-phishing training programs internally to familiarize employees with precautions to take to prevent such attacks from occurring.
A priority for SMBs
Given the frequency of the threat— 85% of all organizations have suffered from phishing attacks at one time or another—your small and midsize customers need to be vigilant too.
However, since SMBs tend to lack extensive IT resources in house—and may not have the time or manpower to conduct security training with their employees—we’ve prepared a list of handy tips for you to suggest to them.
These basics are simple and affordable, but they can go a long way toward minimizing the risk.
An SMB phishing checklist
- Never click on links from senders you don’t know or download files from suspicious emails or websites. Most phishing emails start with “Dear Customer” or a similar anonymous greeting.
- Verify the security of websites. Look for “https:” in the URL to confirm that the site is encrypted. A closed lock icon should also appear near the address bar.
- Never bypass digital certificate warnings or pop-ups. They’re provided for a good reason.
- Move beyond simple passwords to two-factor authentication or, at the very least, longer and more complex passwords.
- Back up data regularly throughout the day—every day.
- Install anti-phishing toolbars, which run quick checks on the sites users visit, checking them against lists of know phishing sites.
- Beware of pop-up ads. They’re often phishing attempts in disguise—which is why most browsers allow you to block them.
- At the very least, install desktop firewalls (software), network firewalls (hardware) and antivirus software. Together, they can significantly reduce the chances of hackers and phishers infiltrating a company’s IT systems. For even greater protection, consider investing in advanced and more comprehensive security solutions.
- Update web browsers as soon as new versions become available since they usually feature the latest security features.
- Last but not least, never give out personal or financial information online.
Nothing is foolproof.
While it’s literally impossible to prevent all phishing attacks and other cyberthreats, following these simple precautions can go a long way toward protecting your SMB customers. The alternative is just too costly.