Secure Your Startup Against Phishers With These 3 Tips

You didn't take candy from strangers when you were a kid; don't take the bait as an adult.

By Daniel Riedel Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Phishers -- unscrupulous Internet lurkers who try to get your username, password, credit card number and other sensitive information by posing as trusted sources -- know there's a big pool of money out there. And, more often than not, to get it, all they need to do is cast a line and wait for prey to bite.

Even Mattel, that household-name manufacturer of children's toys, took the bait in a recent high-profile phishing scam. When an unnamed executive at Mattel received an email (ostensibly from CEO Christopher Sinclair) requesting a $3 million bank transfer, she approved it without a second thought.

Had the executive not made an off-handed remark to Sinclair later that day about the transfer, Mattel would have been on the hook for those millions.

Phishing may be the oldest trick in hackers' playbooks, but -- as demonstrated by Mattel's recent snafu -- it's remarkably effective. In fact, phishing cracks the door for more than 90 percent of hacking attacks.

The most devious of these phishing attacks are spear-phishing attempts such as the kind perpetrated on the toy company. In this clever variation on traditional phishing, spear phishers collect information about a target's network to create email bait that appears to be from a trusted source.

And while most companies think they're equipped to handle these advances, more and more businesses are being tricked by phishers into releasing confidential information.

Little fish make big markets.

According to FBI data, business email-compromise schemes, such as phishing, cost companies $1.2 billion in 2015. And while one might assume that these low-tech, high-yield scams take disproportionately from the pockets of corporate giants, data shows small businesses to be the primary prey.

In 2015, the National Cybersecurity Institute found that 38 percent of spear-phishing attacks targeted companies with fewer than 250 employees. In comparison, just 25 percent of attacks were perpetrated against companies with more than 2,500 employees.

The reason? Hackers know that small businesses are more worried about getting off the ground than spoofed emails or international scammers. Essentially, entrepreneurs don't expect to be targets.

Entrepreneurs who utilize two-party authentication of transfers are somewhat protected, but even that security measure couldn't save Mattel from a clever attack. The only way entrepreneurs can truly prevent phishers from snagging them is through cultural awareness and communication.

Get phishers' lines out of your pond.

No matter how much training employees receive, a specious sender can still slip under the radar. Entrepreneurs, here's how to create a secure environment that keeps phishers out:

1. Step away from the inbox.

As soon as a request for classified information or a wire transfer hits an employee's inbox, his or her first step should be to pick up the phone. This applies in particular to commonly targeted departments, like accounts payable or account services.

And if anyone, regardless of the department involved, receives a request for passwords or credit card information -- the proverbial "keys to the business" -- he or she should contact the supposed sender immediately to verify the request.

For example, when my CFO received an email asking for approval of an invoice, he Slacked me to check that I had indeed sent the invoice. Upon investigation, we discovered the invoice to be a phishing attempt, and, worse, it was loaded with a Trojan virus. Our double-check system paid off, and the invoice was deleted.

2. Trust, but verify.

The recent DocuSign scam was a huge wake-up call for businesses and individuals. Even when working with a trusted third party, check that the browser's "http" has switched to "https," which signifies a safe, encrypted connection. When you're in Google Chrome or Internet Explorer, a lock icon in the URL bar verifies you're in safe territory. Also confirm that the domain in the address bar is the one you expect, since encryption alone does not prove who is on the other end.

It may seem like wasted time, but a minute spent verifying a software request in your inbox is better than explaining to your team how you let a scammer steal $3 million. If in doubt, show the request to an IT professional; these are people who'll never fault you for being cautious.

3. Make caution your guide.

If something seems amiss, it probably is. For instance, if you receive an email from your office manager who writes that she "forgot her password," don't just fork over the information. Until you've investigated, assume it's a scammer in disguise.

Think back to your playground days: Even if the man with the candy seemed nice, your mom told you to assume he was out to get you until you learned otherwise. So, be cautious: Make a phone call to the organization, individual or help desk. The extra work was worth it when you were a kid; it's worth it now.

No one wants to be paranoid, but with so much on the line, it pays to pay attention. When in doubt, get out of the inbox and on to the phone, watch for insecure connections and trust your gut about fishy requests. Don't get hacked; get smart.

Daniel Riedel

CEO of New Context

Daniel Riedel is the CEO of New Context, a San Francisco-based systems architecture firm founded to optimize, secure, and scale enterprises. New Context provides systems automation, cloud orchestration, and data assurance through software solutions and consulting. Previously, Daniel founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.
