There is a plethora of risks that small business owners face on a daily basis. Among them is perhaps the fastest growing yet oft-ignored area of real business risk – cyber attacks.
Cybersecurity is a growing concern for many, as SMBs are increasingly targeted by malicious actors seeking financial gain. One of the most common risk vectors, which has existed for decades yet continues to rise in prevalence, is the use of malicious emails by bad actors.
Spam and phishing emails continue to rise as major threats to SMBs – in fact, phishing represents the top threat for nearly 30% of SMBs.
Why Malicious Emails Are So Easy to Abuse
According to a study by the Ponemon Institute, the average time from receipt of a phishing email to discovery of an intrusion was 197 days.
On average, that’s almost 2 months between the first suspicious email and full-blown breach. That means malicious actors have ample opportunity to extract information from an SMB’s systems before the business is even aware of it happening.
While your customers will know not to click on links in emails from unknown senders, employees may be more susceptible to these tactics – especially if they feel pressured into clicking through or acting quickly on what seems like an urgent message.
During Q4 2016, Kaspersky Lab registered attacks with financial malware against 319,692 users worldwide. That is 22.49% more than during the same period in 2015.
There are 2 primary attack channels that make employees the cause of the majority of breaches caused by malicious emails:
- SMS Phishing Attacks
Attackers can compromise employee mobile devices and send them text messages posing as bank officials asking them for sensitive information in order to steal money or other data. These attacks often involve ‘spoofing’ numbers so that recipients believe the texts are coming from legitimate sources, which increases the likelihood that victims will fall prey.
Spoofed numbers impersonating everyone from bank officials to vendors to even fellow employees represent the single biggest risk vector to SMBs, according to Kaspersky analysis.
- Fake Invoices
One out of three cyberattacks targets small businesses using fake invoices. This is another common tactic among attackers, who pose as vendors or suppliers and try to trick business owners into paying invoices by wire transfer when there is no real service agreement set up between the parties involved.
The hope is that once this happens one time, businesses are likely to repeat the process with new orders going forward, without ever questioning whether there’s a legitimate reason behind the payment requests.
Unlike bigger companies, SMBs offer the perfect opportunity for malicious actors – they often manage significant amounts of capital, while having security systems about as lax as most people’s personal financial data.
Cybersecurity is one of the biggest concerns for future-proofing a business. Malicious emails sent to employees continue to represent a massive risk vector that any forward-thinking business owner must hedge against.