Recognize the Risks of Phishing: Time to Think About Your Cyber Defense

With the risk of cyberattacks increasing, if you run a small business (whether one employee or 25), it’s highly likely you’ve received at least one phishing email. It’s also possible that an employee has inadvertently clicked a link or opened an attachment in that email, and that you’ve lost data, lost control of your system, and lost time and money recovering from the breach.

According to the Cybersecurity and Infrastructure Security Agency (CISA), small businesses in the U.S. are increasingly at risk of cyberattacks, and phishing appears to be the most common way cybercriminals hack into your system.

“More than 90% of successful cyberattacks start with a phishing email,” the agency reports.

Current events like wars have alerted businesses and individuals to potential cybercrimes and cybersecurity threats, said Regis DeVeaux of NerdsToGo Alexandria, VA. He does business in the Washington, D.C. metro area, where cyber risks are even more topical. One customer’s concerns, for instance, were heightened after seeing a 60 Minutes interview with FBI Director Christopher Wray, who revealed how the government foiled a recent cyberattack by Russian hackers.

What is Phishing?

With phishing attacks, hackers cast a wide net, sending their malicious emails to random email addresses or even targeting a particular person or company. Phishing opens a can of worms for businesses and individuals alike, and all it takes is one person clicking a link or opening an attachment for things to go sideways. When that happens, passwords, usernames, financial information, and other data can be stolen, or malicious software can be unleashed system-wide. Another phishing technique is “smishing” (SMS text phishing). Smishing often involves a text that impersonates someone such as a CEO and makes urgent requests, like buying gift cards or similar transactions.

While businesses are often targeted, home users can fall victim to phishing, too, which can also prove damaging to businesses when you have employees working remotely, DeVeaux said.

“With our residential clients, a lot of phishing comes from fake antivirus offers,” he said. These emails resemble messages from well-known antivirus software companies and claim that the software is expiring or out of date. “Tech companies don’t reach out directly by email to tell you antivirus is expiring.”

To protect yourself from phishing, he added, if something looks fishy, report it or avoid it. “Don’t click on anything out of curiosity.”

Phishing and Ransomware

Among the most malicious software that hackers use when phishing is ransomware, which either encrypts the user’s data to prevent access or locks the victim out so the data cannot be used. Hackers then hold the user’s data for ransom (hence the term ransomware), and the user must pay, usually with a cryptocurrency like Bitcoin, to decrypt or release the data.

At the Alexandria NerdsToGo, clients have sought solutions following a ransomware attack, DeVeaux said. Usually, after such an attack, computers need to be completely wiped and restored. The Nerds can then follow up with employees and teach them how to better recognize phishing emails and how to protect themselves from attacks.

How to Spot “Phish-y” Emails

CISA recommends educating employees about how to recognize phishing and having resources available that recognize and assess unusual network behavior. Because small businesses often don’t have IT departments of their own, they rely on managed service providers (MSPs) like NerdsToGo to help them fish out “phish-y” emails.

When trying to spot phishing emails, look for the following:

  • Spelling and grammar errors
  • Malicious links
  • Lack of security certificate
  • Unusual generic greeting
  • Legitimate-sounding warnings
  • Emails that ask for clicks
  • Fake email addresses
  • Fake or dangerous attachments
  • Threats that create panic
  • CEO fraud
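
How a mail filter might test a message against several items in the list above, as an added example (not code from NerdsToGo or CISA). The regexes, the extension list, the function names and the two sample messages on `.example` domains are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk", ".docm", ".xlsm")
PANIC = re.compile(r"\b(urgent|immediately|suspended|expires today|final notice)\b", re.I)
GENERIC = re.compile(r"\bdear (customer|user|client|member|sir|madam)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>([^<]*)</a>', re.I)
HOST = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(msg):
    """Return which checklist items a message trips (heuristics, not a verdict)."""
    hits, body = set(), ""
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            hits.add("Fake or dangerous attachments")
        elif part.get_content_maintype() == "text":
            body += part.get_content()
    reply_to = _domain(msg["Reply-To"])
    if reply_to and reply_to != _domain(msg["From"]):
        hits.add("Fake email addresses")   # replies go to a different domain than the sender
    for href_host, text in LINK.findall(body):
        shown = HOST.search(text)
        if shown and shown.group(0).lower() != href_host.lower():
            hits.add("Malicious links")    # address shown to the reader is not the real target
    if GENERIC.search(body):
        hits.add("Unusual generic greeting")
    if PANIC.search(msg["Subject"] or "") or PANIC.search(body):
        hits.add("Threats that create panic")
    return sorted(hits)

def build_message(sender, subject, html, attachment, reply_to=None):
    """Build a sample message; every value passed in below is constructed."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "owner@smallbiz.example", subject
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(html, subtype="html")
    msg.add_attachment(b"sample", maintype="application", subtype="octet-stream", filename=attachment)
    return msg

SUSPICIOUS = build_message('"Antivirus Billing" <billing@av-renewal.example>',
    "URGENT: your antivirus expires today", '<p>Dear Customer,</p><p>Renew at '
    '<a href="http://renew.login-check.example/pay">www.antivirus.example</a></p>',
    "renewal_invoice.pdf.exe", reply_to="refunds@freemail.example")
BENIGN = build_message("Pat Lee <pat@supplier.example>", "March invoice", '<p>Hi Jordan,</p><p>See '
    '<a href="https://portal.supplier.example/inv">portal.supplier.example</a></p>', "invoice.pdf")
```

A clean result only means none of these particular checks fired; items such as CEO fraud depend on context that a script like this does not see.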

NerdsToGo, of course, has multiple solutions to help both businesses and home users protect themselves from cyberattacks like phishing, DeVeaux said. There are, for instance, several email security services that NerdsToGo can offer to help monitor suspicious emails.

The Nerds also have software solutions, such as a proprietary bundle and suite of IT solutions that include powerful firewalls and next-gen antivirus, to help prevent attacks and scan for anything that may have already slipped into the system. DeVeaux said he has often compared today’s digital landscape to “swimming with the sharks.” It takes an expert to know how to assess vulnerability and cyber risk.

If you’ve already been a victim of phishing or other cyberattacks, the Nerds can help clean up your computer or other devices, DeVeaux said.

Whether you’re an individual or a small business, you can rely on the friendly Nerds at NerdsToGo to provide you with the most up-to-date, next-gen cybersecurity solutions available. If you want to prevent phishing or need help following a cyberattack, get in touch with a Nerd today.