Cyberattacks on large corporations often make frontpage news – like the one that hit LinkedIn in June 2021, posting more than 90% of its user accounts on a dark web forum and putting their data up for sale. But you don’t have to be the world’s largest online network for professionals or a Fortune 500 company to be at risk of cyberattacks. According to cybersecurity firm, Coalition, small businesses with revenues under $25 million have been particularly vulnerable in the last two quarters of 2021 and first two quarters of 2022. The average cost of a claim for a small business owner was $139,000 – an amount high enough to put a burgeoning small business OUT of business. While those statistics may ebb and flow with regard to impact and the number of claims, the one thing that remains consistent is that the vulnerability seems to lie among employees who unknowingly fall victim to phishing scams.
What is Phishing?
Phishing occurs when bad actors create fake websites or use emails or text messages to trick the recipient into clicking on a link that will rob them of their personal or financial information. They are literally “fishing” for someone to lure. As phishing scammers become more sophisticated in their craft, it becomes harder for unsuspecting employees to detect. One ill-fated click could give a scammer access to your company’s bank accounts and your clients’ information. In its 2022 Mid-Year Claims Report, Coalition revealed that – during the first half of 2022 – phishing accounted for 58% of reported cyberattack claims. Even more disconcerting than the statistic itself is that it represents a very sharp 32% increase in phishing incidents from the second half of 2021.
Four Ways to Stay Off the Phishing Hook
At Gillman Insurance, we’ve witnessed firsthand the growth of our cyber insurance division in step to meet the need. Intellectual property theft alone costs U.S. businesses an estimated $250 billion per year. To that end, we’ve pulled together four ways you can protect yourself from a potential phishing scam…
- Educate Your Employees: This is your first and most important line of defense. Host a training workshop to teach your employees how to recognize a possible phishing scam. According to the Federal Trade Commission, these bad actors will often use tricks like fictional “suspicious activity” on a company credit card or a problem with an account or an invoice to get the recipient to click on a link. These may appear to be emails from reputable companies, but they are not. Do your homework to learn all the latest tricks phishers are using and disseminate this information regularly to your team.
- Set Your Spam Filters on High: While some phishers will know their fair share of tricks to outsmart your spam filters, this measure will help separate out most of the suspicious and potentially hazardous stuff.
- Equip All Your Company Computers with Security Software: This is a great area to invest some of your budget to protect your company, your employees and your customers. Research the most effective software and update often to stay ahead of cyberattackers. Choose well and this could protect you from far more than phishing.
- Invest in Cyber Security Insurance: Even if you follow all of the steps above, your company is still at risk of a phishing attack. Much like an expensive security system on your home gives you a higher level of protection, there may be that occasional thief that knows how to surpass the system and sneak in the back door. At Gillman Insurance, we pride ourselves in being Problem Solvers. Call on our team to review your company’s potential vulnerabilities and build the ideal package to protect your company from a costly cyberattack. We invite you to request a no-obligation quote on our website at www.gillmanins.com, call our team at (678) 822-0148 [or Toll Free at (800) 378-0766] to schedule a meeting, or drop by our offices at 11175 Cicero Drive, Suite 575 in Alpharetta. We look forward to serving you and helping you stay off the phishing hook!
If you suspect a phishing attempt on your business, be sure to report it to the FTC at www.ReportFraud.ftc.gov.