It seems like every day a new major corporation falls victim to a cyber-attack – Twitter, Equifax, Zoom. Hackers use a variety of methods to break down barriers within computers, systems, and people. Unfortunately, Fortune 500 companies aren’t the only targets. Small and medium businesses also face their own set of cyber-attacks, each specifically designed to hit common weaknesses in security systems and employees.
If you think your company is safe from such attacks, think again. It’s not a question of if, but of when.
Protect your business from these top five cyber-attacks to watch out for.
Spoofing – Urgent Money Transfers
It happens all too often that large sums of money are moved into unconfirmed locations. For instance, you get a call or email from your supervisor. It could be an urgent demand or a seemingly innocent follow up to a money-related request. Either way, money needs to be transferred to another account, or gift cards need to be purchased ASAP.
Don’t rely on a single email or phone call. Confirm the wire transfer request in-person, or through multiple forms of communication.
Spoofing – Pretending to be IT
This is exactly how the latest Twitter attack happened – employees were contacted by hackers pretending to be part of their IT team. When you assume it’s a trustworthy person on the other end of the phone, you’re likely to give away login information and open your system to countless attacks.
Trusted IT providers should never ask for your password. Some take extra safety precautions, like asking you to call them back at their company’s known number. This keeps both you and them protected from potential spoofing attacks. The bottom line – never give away your password. Ever.
Phishing – Fake Login Sites
You’ve likely received a fraudulent email from your bank or Google asking to reset your password. Everything looks legit, from the sender’s email to the logos. However, links in emails should always be treated with a degree of caution, even when the email originates from a known address. The link can look like it goes to a real company website but hidden in the link code is an entirely different website whose sole purpose is to steal your information.
A good rule of thumb is to only reset your password by going directly to your app or the website (not through the link in an email). Combine this with frequently updating your password, and you’ll minimize your risk of account breaches.
Phishing – Fake Texts & Social Messages
Caller ID can easily be faked, and automated texts from companies are easy to copy. Just because your phone says a text is from “Bank of America” doesn’t mean that it is (it’s honestly as easy as downloading a free app).
If you have even the smallest hint of suspicion, do not click on links from unconfirmed numbers. And on the off chance your password was really compromised, you can reset it through the company’s official website, or by calling them directly. The same goes for links in social media messages. If a Twitter, Facebook, Instagram, or LinkedIn message looks like spam then it probably is.
Attachments – Malicious Email Files
Often time, these social engineered cyber-attacks use multiple tactics to trick you. Some hackers will embed links into images that look like links to your favorite social network site or another real company. You may think you are going to Facebook, but the link may take you to an imposter site that is designed to steal your password.
Beware of all attachments from unknown emails. What may look like a normal pdf could actually be a file chalk-full of fake links and malware. Your IT provider should have procedures in place that scan for these dangers. If they don’t, it may be time to upgrade your IT team.
95% of data breaches are caused by human error. SMB’s often think they are too small to be targeted, but attackers prove otherwise. By watching out for these top cyber-attacks, choosing a trustworthy IT support provider, and frequently updating your passwords, you can reduce your risk of becoming another cyber victim.