You don’t need to be a cybersecurity expert to ensure that your business is protected, but it is critical that you understand the online threats to your company’s network. Awareness of key threats will enable you to employ practices and behaviors that limit your company’s risk.
Today’s businesses face several major online threats:
Spam, unsolicited junk email, can be both received and distributed by businesses.
- Opening spam through your work email puts you at risk of contracting computer viruses and malware that is capable of disabling your corporate network or and allowing hackers to view and steal data.
- Distributing spam is another risk. Specific laws have established requirements for the type of commercial emails you can send to customers and potential customers.
To avoid ramifications from the FTC, all corporate emails to customers must abide by the following guidelines as stated in the CAN-SPAM Act of 2003:
- Do not use false or misleading subject header information
- Do not use deceptive subject lines
- Provide all email recipients with the option to opt off of your distribution list
- Ensure that your opt-off option is still working for at least 30 days after you send an email
- Identify your email as an advertisement and include your valid physical postal address
If you or your employees receive spam, forward it to firstname.lastname@example.org. The FTC uses this database to pursue legal actions against spammers.
Phishing attacks usually use fraudulent emails to trick consumers into sharing their personal data, such as Social Security numbers, or financial information (credit card account numbers, user names and passwords, etc.).
- Fraudulent Emails: Phishers trick consumers by sending them emails that appear to be from a reputable company, such as a bank, retailer or credit card company. These emails include Web links that take consumers to a fake Web site where they enter their personal information.
- Keystroke Programs: Phishers use fraudulent emails to place programs on computers that record every keystroke a consumer types. Phishers are then able to obtain usernames, passwords and other personal data.
- Website Hijacking: Phishers can take over the Web address of a company and re-direct Web surfers to a fraudulent, but realistic site, which steals consumer information.
- Monitor or register sites with similar spelling to yours.
- Provide your customers with an email address that allows them to validate that an email they receive with your branding is really from you.
- Monitor returned email messages as phishers often may hijack your email address to send bulk emails.
- Log your customer service calls and check for spikes in certain types of complaints such as a password inquiries and changes.
- Check for unusual customer account activity that has large volumes of logins, password changes, purchases, withdrawals, etc.
- Regularly search the Internet for use of your corporate logos.
Viruses and spyware can enter your computer through emails, downloads and clicking on malicious links.
- Viruses can enable hackers to steal valuable corporate, customer or employee information, distribute spam, delete files or crash your entire computer system.
- Spyware programs allow hackers to monitor your online activity and steal passwords, records, and other valuable data.
- Keep a clean machine: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
- Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Don’t open unsolicited email: Email scams like phishing are among the most common schemes criminals use to steal from your network. Use email filters to block these emails and be leery of any messages that ask you to provide personal information, even if they appear to come from a bank or company you’ve dealt with.
- Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
- Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.