A recent international campaign focused on Cybersecurity Awareness Month was led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). The two groups highlighted four key action steps that everyone can take to better protect themselves against cyber threats.
In this post, we will discuss the four steps and why they’re essential, as well as provide some valuable tips that small and medium business owners can follow to make sure that their businesses and employees are protected.
Step #1 — Think Before You Click: Recognize and Report Phishing
Phishing is a type of cyberattack in which an attacker tries to trick someone into doing something that they shouldn’t, such as clicking on a malicious link or sharing their username and password. It is a huge threat to businesses because one small mistake by an employee could result in sensitive company and/or customer data falling into the wrong hands, the installation of malicious software onto company computers, and lots of other serious cybersecurity issues.
Phishing most commonly happens via email. Below are two real phishing email examples that Trend Micro, a global leader in cybersecurity, recently detected.
As you can see, the examples above look legitimate. However, there are some common signs of phishing scams that employees can be trained to recognize, including:
• Threats or a sense of urgency — “Your account will be closed in 24 hours if you don’t click this button,” for example.
• A questionable email address — If an email claims to be from a certain company, but the email address domain doesn’t include the company’s name, it’s a huge red flag.
• Suspicious attachments — Cybercriminals will often attach files to emails that, when opened, install malicious software.
• Strange requests — Out-of-the-blue emails that ask for payment and/or personal information are almost certainly phishing scams.
• Grammar and spelling errors.
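Several of the signs above can also be checked automatically, for example on messages that employees forward to a reporting mailbox. The Python code below is an added example, not part of the original post or of any CISA, NCA or Trend Micro tooling; the brand table, phrase lists, extension list and sample message are constructed assumptions. It is stricter than the "domain doesn't include the company's name" rule, because look-alike domains often do contain the name: the sender domain must be the expected domain or one of its subdomains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with brands and phrases from your own mail.
BRAND_DOMAINS = {"examplebank": "examplebank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|(with)?in \d+ hours?)\b", re.I)
REQUESTS = re.compile(r"\b(password|payment|gift cards?|card number)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".iso", ".docm", ".xlsm")

def phishing_signs(raw: str) -> list[str]:
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text, signs = msg.get("Subject", ""), []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            signs.append("suspicious attachment")
        elif part.get_content_type() == "text/plain" and not name:
            text += "\n" + (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    claimed = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, legit in BRAND_DOMAINS.items():
        # Exact-domain match: look-alike domains often do contain the brand name.
        if brand in claimed and domain != legit and not domain.endswith("." + legit):
            signs.append("sender domain mismatch")
    for label, pattern in (("urgency", URGENCY), ("strange request", REQUESTS)):
        if pattern.search(text):
            signs.append(label)
    return signs

# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "ExampleBank Support" <alerts@examplebank-secure.example>
Subject: Action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account will be closed in 24 hours. Confirm your password now.
--b1
Content-Disposition: attachment; filename="invoice.docm"

placeholder
--b1--
"""

print(phishing_signs(SAMPLE))
```

A message that trips none of these checks is not thereby safe; the output is a prompt for a closer look, which is also why grammar and spelling errors are left to the human reader here.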