Cybersecurity has become an exploding industry as digital threats continue to increase. Everyone is a potential target, especially businesses with highly digitised and valuable online operations and systems. Malicious online crime is lucrative for scammers, with the average cost of cybercrime to a company in Australia being $276,000 according to the Australian Cybercrime Online Reporting Network (ACORN). We also know that over 60% of all targeted attacks hit small to medium enterprises (SMEs). SMEs are particularly vulnerable, given they may not have the same level of security resources in place as larger organisations.
Without sufficient knowledge of the different types of attacks, your staff are not well-equipped to avoid potential cybersecurity disasters. The main impact of cybercrime is business disruption. Perhaps your POS system is infected with a glitch; how would your business process payments? Whatever the cause, the best way to avoid a security issue is to educate yourself and your staff, while implementing processes and systems to guard against the main perpetrators of cybercrime.
Phishing Emails and Malware are Often Avoidable
Phishing emails are designed to insidiously obtain your details – hook, line and sinker. They are one of the most serious threats to SMEs. Essentially, a phishing email is sent to your employees or business and made to appear legitimate, but it instead sends the unwary victim to a fake landing page.
This landing page, if the victim follows the link, will capture vital information (financial information, passwords, personal details etc.) or download malicious software (malware) to the victim’s computer. Malware is a type of software that aims to destroy, corrupt, or steal data on a server, computer or network. Otherwise known as a virus, it is often attached to emails, texts and external downloads.
What makes phishing emails so effective (damaging) is that they replicate the logos, formats and writing style of the respected institutions they are trying to imitate. Fortunately, both malware and phishing emails are mostly avoidable if you know what to look for.
How to Spot a Phishing Email
Phishing emails work because they elicit trust from the victim. As a general rule, be wary of any email you receive that includes a link to an external source. Here are the top three ways to recognise if an email is trying to scam you or your business:
- The email does not address an individual. Any meaningful or important email will address a particular person. If an email is trying to warn you of a security threat or financial breach, the sending organisation would know who to address the email to.
- The ‘From’ doesn’t make sense. Whenever you get a legitimate email, it’s clear who sent it to you. The email address in the ‘From’ field will be known to you, either by being in your address book or having a clear, readable format. Legitimate companies, particularly large, respectable organisations, will always use a professional email address, such as firstname.lastname@example.org, not a string of numbers or random letters.
- The message panics you, instead of reassuring you. Real emails raising a concern will not alarm you. Instead, they will offer practical solutions or suggestions to review your account or take another action, independent from any links in the email. Emails that stress urgency to ‘secure your account’ or similar are just trying to get you to panic and click on the fake link. Be wary!
How to Spot an Illegitimate Landing Page
Let’s say you or a staff member does not pick up on the phishing email. Clicking the link often sends the victim to a fake landing page. Usually, it is relatively easy to identify an illegitimate website. Here are a few of the top identifiers:
- It’s missing key information. Corporate websites will always have critical identifying information, such as an About and Privacy page. The headers, footers and navigation menus should all look legitimate. If anything looks off, it pays to be careful.
- The website URL doesn’t match up. The URL should match the company it’s representing. Spelling mistakes are the most obvious giveaway. It should also be secured – check if the URL begins with ‘https://’ or is marked as a secure URL by your browser.
- It asks for critical information. A fake phishing website will often ask you for identifying information that they would already have if it were the authentic organisation. Any website that asks too much should be treated with suspicion.
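The URL checks from the list above, written out as an added Python example (not part of the original article): it flags a link taken from an email when it is not https, when its host is not one of the domains the business actually deals with, or when the host is a near-miss spelling of one. The `TRUSTED_DOMAINS` entries, the sample URLs and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the business really deals with.
TRUSTED_DOMAINS = ("examplebank.com.au", "example.org")


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def matches_trusted(host):
    """True only if host is a trusted domain or a subdomain of one.

    The trusted name must be at the END of the host: a host that merely
    starts with or contains the trusted name does not match.
    """
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Return a list of warnings for a link; an empty list means no flags raised."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    warnings = []
    # https only means the connection is encrypted; it does not show who runs
    # the site, so it is checked together with the host, never on its own.
    if parts.scheme != "https":
        warnings.append("not https")
    if not matches_trusted(host):
        warnings.append("host is not a trusted domain")
        labels = host.split(".")
        for d in TRUSTED_DOMAINS:
            # Compare the same number of trailing labels as the trusted domain has.
            tail = ".".join(labels[-(d.count(".") + 1):])
            if 0 < edit_distance(tail, d) <= 2:
                warnings.append(f"looks like a misspelling of {d}")
    return warnings
```

An empty result is not proof that a link is safe; it only means none of these three checks fired.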
If in doubt, check your account with the email sender independently of the email. You can also call the sender (on their verified public number) and ask whether they sent the email. Of course, cybercrime is just one of the many threats and risks your business may face. Protecting your financial position and cash flow will allow you to deal with issues as they arise, as well as adequately provide the resources required to prevent future problems.
TIM Finance helps SMEs source the funds they need to support their current operations, meet their expenses and invest in their growth. Get the cash you need and make TIM Finance your partner for flexible business financing today.