In December, the Associated Press published an article about the increase of business-related scams during two seasons of the year. One popular season is during the holidays, which just past, and the other heavy scam season tax time. With employees seeking W-2s and other important forms, it is time for a seasonal reminder about phishing and cyber security as a whole.
The biggest phishing threats continue to be fake emails that trick people into clicking on a link that compromises their device and their information. These used to be easy to identify: misspellings, grammatical errors and unprofessional formatting were giveaways that a message should be flagged and deleted. Today, scammers specifically target businesses. Many will research companies online so the false email is more authentic: naming the industry and even individuals. Some will mine personal data (called social engineering) and create fake accounts of bosses or managers. Small businesses are also more vulnerable because they lack the resources and infrastructure of large corporations.
When are employees most vulnerable?
Even when employees are aware of the risk, a single email can slip through the cracks. Emails are often read while on the go, and minor warning flags can be missed. Referring to the practice of social engineering, people are more inclined to click on a link in an email if it appears to come from a trusted source. When it mirrors the account of a supervisor, employees are even more likely to click on it, thinking it is related to their job duties.
At the moment, both companies and individuals are compiling 2019 tax information. In the increasingly paperless world, it is common to receive emails about W-2 forms and other tax-related information. Tax forms are also filled with personal data that a scammer can use or sell on the black market.
How can a business improve its security?
Whether you are the sole employee of a company or if you work with a large team, every organization should have security measures to limit the damage. This includes network security and anti-virus protection, but also employee awareness programs to protect business data. The FCC has a helpful “10 Cyber Security Tips For Small Businesses” list on its website. Even if an employee clicks on a suspicious message in their personal email, this may happen on a work computer, which puts the whole organization at risk.
Firewalls, malware and anti-virus programs offer a security net against scams, and additional protection such as multifactor authentication can provide greater comfort, but the fact is that scams continue to evolve in the digital age. Digital security is essential to any business and it continues to change. Every business should consider a combination of safeguards, employee education and contingency plans in the event of a data breach. Everybody makes mistakes, but preparation will help to avoid catastrophe.