Some security hacks require a technologically savvy mind with the know-how to break through layers of firewalls and encryption. Phishing scams are not that kind of hack. They require only a limited understanding of how a computer or network functions, relying instead on those little flaws in human nature that can cause us to trust a friendly voice or click on a seemingly harmless link. Phishers don't know how to pick a lock. They just knock on every door until someone answers.
For small business owners, the best way to avoid falling victim to a phishing scam is knowing how to spot one and taking the necessary precautions to avoid it. Here are three of the most common enterprise phishing scams and a few tips for how to avoid getting hooked.
Vishing scams don't even require access to a computer. Instead perpetrators use the telephone to fool victims into revealing personal information. They might present themselves as a bank, government institution, or utility company and then request banking information or a Social Security number as a form of verification. Even asking for a small, seemingly harmless piece of information like a birthday or maiden name can open up a Pandora's box of identity theft opportunities since they are so commonly used for password and security question verification.
How do you avoid a vishing scam? Easy. Never give anyone who calls you your personal information. Banks have very strict policies about asking you for personal information over the phone. They will typically only request personal information if you call them â€” not the other way around.
Keyloggers are easily available programs that run in the background of your computer and record every keystroke that you make. These are legal programs that exist to help parents and business owners monitor their computer usage, but they have a nefarious application as well. Keylogging can be especially prevalent on laptops and smartphones, which can be left alone in public spaces just long enough for a swift-handed criminal to install the program and sync with his laptop over a public network.
Avoiding an unwanted keylogger is simple. Always password protect your device and consider a secondary password required for installing new software. And of course, don't leave a laptop unattended in a public space. If you don't become a victim of identity theft, you'll probably become a victim of property theft.
Malware is malicious software that is installed on your computer and can wreak havoc on your personal data and important files. It’s introduced to your machine by way of a Trojan horse, which can be in the form of an e-mail attachment, downloadable file or vulnerability in your network security. Small businesses are especially susceptible to this type of attack because of the sheer amount of data that can come and go from your network on a moment-to-moment basis. The door is always swinging open, and once a piece of malware sneaks in it can be a nightmare to push it back out. Malware can steal personal data, delete files or create side doors within your network that can allow in even more disastrous network intruders.
Avoiding malware requires having a sufficient level of network security, as well as some common sense thinking. Never open anything from an untrusted source, and make sure your employees understand that your computers are "work only."