Protecting Your Small Business From Malicious Email

Email is far from dead, folks. Businesses ranging from large to local all benefit from having an email system in place. For a small business, setting up an official email is a great way to keep all important business matters and inquiries in one convenient place. It’s a little alarming, but about 97% of the 60 billion emails sent each day are considered spam. These spam messages may have been written intending harm for the receivers, or they may just be ‘junk mail’. Email hosts nowadays have decent spam filters in place to comb through your incoming mail, but malicious messages can still slip through.

Recognizing a Malicious Email

1. They notify you of an order you never made, e.g. via PayPal or Amazon, and offer a link to cancel it.
2. The email asks you to reply with personal info such as usernames, passwords, bank info, social security number, etc. Important groups like banks will NEVER ask for log in info via email.
3. Offers, coupons, or deals included look a little too good to be true. Check the website itself, don’t click any links that claim to bring you to the website.
4. The tone is off, or there are strange typos and grammatical errors. Phishing scams and hackers aren’t always concerned with quality content, and sometimes English isn’t their first language. If you notice strange errors or “off” language, that’s a red flag.
5. The email address is just a bit different. If Aunt Ann’s email is AnnaBanana@gmail.com and you’re getting a strange email from AnnaBanana@mail.de, it’s probably not sweet Aunt Ann. Get familiar with the email addresses of the websites and people you correspond with often so you can recognize when the address is potentially a fraud.

Easy Steps to Prevent Disaster

1. Install trusted extra cyber security software, such as spam blockers, a firewall, or anti-virus — better yet, a functioning combo of all three.
2. Keep at least three copies of your critical data. One copy should be stored off-site, backed up on the cloud.
3. Keep all your software up to date and have someone take care of patch management. Old software can have well-known and easily exploited vulnerabilities.
4. Purchase cyber insurance. In the worst case scenario of a successful phishing scam, your business can go under. If you can fit insurance in your budget, it may be a good idea.
5. Educate all your employees — and then test them. All of your employees with any access to email should know these warning signs and prevention steps. Once they have been informed, try sneaking in a couple fake ‘phishing’ emails to see how they react.
6. When you get these emails, document them and notify the company or person that the email is impersonating.

Remember that anyone can be a victim of spam, phishing, and other cyber crime, even a small business. The fiscal damage caused by cyber crime is projected to reach $6 trillion (yes, with a “t”) each year by 2021, and small businesses will definitely be a target. Why? because they are presumably less prepared than large businesses who potentially have more resources and training. Don’t be caught unawares, stay informed and vigilant and encourage employees to do the same.