Blog - FTC and SBA Guidance on Cybersecurity - Phishing

Email is a critical component of everyday business. it is how we communicate internally or externally, one-on-one or broadcast, and for both formal and informal conversations. Being so integral and pervasive, it has also become a key focus for cybercriminals.

One way that criminals use (or misuse) email is by means of phishing attacks. There are many varieties of phishing, but they are all based on the idea of fraudulent emails. The malicious senders pose as someone else - a person or company that you trust.

This crime is so common that it ranks as #1 in the FBI’s ‘2019 Internet Crime Report.’ The good news is that there is no magic necessary to protect your company from phishing attacks.  Focusing on the cybersecurity basics and educating users goes a long way.  

  • Back-Up Your Data. A good backup and recovery plan is a necessary last line of defense against most cyber threats. Be sure all data, no matter where it resides, is backed up and that restoration processes are regularly tested.

  • Keep Your Security Up to Date. Most of the malicious software initially delivered via phishing emails continues to spread to other devices by means of computer vulnerabilities. Vendor security patches must be deployed ASAP to reduce the risk of widespread ransomware infections.

  • Alert Your Staff. Phishing is clearly a user-focused attack. Be sure that users have been trained to detect and safely handle malicious emails. Ongoing awareness efforts should be implemented to keep this threat ‘top of mind’. for users.

  • Deploy a Safety Net. There are some technical controls that can significantly reduce the number of phishing emails that make it to user mailboxes. Talk to your service provider about email filtering technology and advanced protocols such as SPF and DKIM.

Email-based threats such as phishing will continue to be a top attack vector for fraudsters and hackers. Be sure that your company is protected from this pervasive and evolving threat.

——————————————————————————————-

The Federal Trade Commission and Small Business Administration have collaborated to publish guidance (https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity) for these companies. This guidance is a great place to start for business leadership that is worried about cyber issues but aren’t sure where to begin.

North Wonders has produced a self-guided security assessment tool based on the SBA guidance referenced above. This tool (https://www.northwonders.com/offering/#self-guided) allows small businesses to quickly see their cyber hot spots and get actionable guidance on correcting any issues. For more information please contact us at Info@NorthWonders.com.