Every year in late July and early August, a group of cyber security professionals gathers in Las Vegas. The purpose is to attend the annual Black Hat cyber security conference. This conference is considered the premier conference on cyber security and details the risks that organizations and businesses face around the world.
At the conclusion of the conference, the consensus was that the greatest risk to small business is phishing. Phishing is a scam used to try to lure information or money out of you, and the attacks are becoming more sophisticated every day. The emails will attempt to get you to perform an action, click on a link, or open an attachment. The difficult part is that the messages look real. The email may look like it came from your bank. The attachment may look like it came from your accountant. And the email may look like it came from your boss. The reason is that they are directly targeting you.
Previously, people would receive emails that were obviously scams (Nigerian prince, bail, etc.). Today, the attacks are targeted directly at you and your company. Data that has previously been stolen is available for sale online: email addresses, phone numbers, employment histories, and other personally identifiable pieces of information. The scammers purchase the data and tailor a scam to target your business specifically.
Most people, when surveyed, will say they think they can spot a fake email. But the data does not bear that out. In a recent test of a healthcare organization, nearly 80% of people failed. 80% of IT people will also fail a test. These two industries alone represent a microcosm of the greater threat we face. Our healthcare providers have vast amounts of data on us as individuals. And the IT people paid to protect it also fail the test.
So if these businesses are failing and falling for these scams, how would the people at your company react? We would not walk down a dark alley at night alone. Yet we open and click on emails with all of the trust in the world.
Be aware of these scams and remember these 5 tips:
- Never transfer money to anyone who requests it over email.
- Never send an email with financial or confidential data unsecured to anyone, not your bank, not your insurance carrier, not your doctor's office, or even your spouse. You may think the message is secure, but someone could intercept it if it is sent unsecured.
- Never click on a link in an email that sends you to a login page. Go to the site directly and then log in. The fake site probably looks just like the real one.
- Never open an attachment from someone outside your company.
- The IRS will never email or call you. They will send you a letter in the mail.