Small Business Talk
The Podcast to Grow your Business Faster
What are the Real Cyber Risks For Small Businesses with Caitriona Forde
Show Notes
Background
Caitriona Forde is from CAIT Business Consulting. Caitriona provides cyber awareness training to small, medium and enterprise-size customers. With over 20 years’ industry experience, Caitriona started in the IT industry and in recent years has specialised in cyber security and cyber awareness training.
What are the Real Cyber Risks For Small Businesses?
Prevention is better than cure
It’s becoming very well known that people are a huge risk, if not the biggest risk, when it comes to cyber security. It’s important to train staff to eliminate the risk and create human firewalls within a business.
Protecting your emails
Phishing emails are scam emails, and it’s reported that 80% of cyberattacks are due to phishing emails. There are different types of phishing, including general phishing and spear phishing, which is a very targeted attack. When receiving an email, the first thing you should always check is who has sent it, and check the email address for any abnormalities. Make sure the name is spelt correctly and hover over the email address to make sure it is a proper email address. If you don’t know who the email is from, don’t open or reply to it. If somebody sends you an email that seems suspicious even though it looks legitimate, contact the person by phone or text and ask them whether the email is really from them. Don’t reply to the email until you have spoken to them.
Be wary of links in emails
Many scam emails try to get you to click on a link, download an attachment or pay a sum of money. If it doesn’t feel or sound right, don’t do whatever it is asking. Hover over links in emails by putting your mouse over the link and look to see where the link is going. If the link is going to a website that you don’t know, don’t click on it.
Phishing campaigns in businesses
Phishing campaigns in businesses train staff to identify phishing emails. In workplaces, staff often have emails sent to their business email address from Facebook, LinkedIn or eBay. When this occurs, it’s important to train staff to think “Do I use my business email for those accounts?” If not, this should be a red flag. Rather than simply clicking on the email, staff should stop and think “Why am I receiving this?” We live in a very fast-paced world and often don’t take the time to stop and think before we act.
Have multiple email accounts
Having multiple email accounts can help reduce the risk of a cyber-attack. Nowadays, everybody wants your email address, even to read articles or to get information, so keep one email address that you’re happy to have junk email come into. Have another account that you monitor for proper emails, such as those from PayPal, Netflix or your bank, and then have a business account.
Spoofing emails
Spoofing emails usually target managing directors, CEOs or high-profile people within organisations and normally ask for financial transactions. Scammers spoof your email address by using technology to make it look like an email has come from you, or they hack into your mailbox and send emails from it. It’s a good idea to get your IT company, or whoever looks after your email, to check how they accessed your emails. If you have become a victim of spoofing or had your mailbox hacked, let your clients and customers know, and ask them to alert you if they see something suspicious. Transparency is always best. You personally haven’t done anything wrong, so if you just let your customers know that there’s been an issue, they’re going to be more than happy to help you out. Whereas if you don’t, and then something happens, they may even think that you have done something.
There’s not one blanket approach to cyber security
There is different advice for different levels, sizes and types of businesses. As there’s not one blanket rule, backup is key. This allows you to plan for the inevitable. Although you may have spent a lot of money on your IT infrastructure and on making sure that your security is up to date, and you feel you’ve done your best, there is always a risk. Always check that backups are running, even if you outsource your IT. Many businesses cannot sustain downtime of more than one day, so you should regularly do a disaster recovery test. Doing so lets you plan for, and know the time and cost of, being offline for that length of time.
Links
What are the Real Cyber Risks For Small Businesses?
Listen to Small Business Talk Episode 085 for the full episode.