Do You Know Your Risk of Cyberattack?

Small businesses are a primary target, federal officials warn. Here's how to assess your own risks -- and minimize them.
Do You Know Your Risk of Cyberattack?
Image credit: Shutterstock

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
President and Chief Executive Officer, Zix
5 min read
Opinions expressed by Entrepreneur contributors are their own.

Business email compromise is the bane of small businesses, because these phishing scams target companies with minimal processes, protocols and protections in place -- like those too small to have extensive cybersecurity budgets. According to the FBI’s Internet Crime Complaint Center, business email compromise costs more than $675 million in damage in 2017, so the June arrests of 74 cyber criminals in the United States and abroad was a triumph for both large and small companies.

Even though one cyber gang has been taken offline, dozens remain. Earlier this year, the U.S. House Committee on Small Business warned small businesses that hackers are targeting and attacking them with the most sophisticated threats ever, and at an increasing rate. More alarmingly, committee members said, there is reason to believe hackers will continue to primarily target small businesses from now on.

Related: 4 Easy Ways to Protect Your Company From a Cyber Attack

The trickle-down effect of cyber crime

In March, a New York man pleaded guilty to defrauding a Virginia-based trade association out of more than $1 million. He used classic business email compromise tactics, such as mimicking the email address of a known travel vendor and asking the trade association to send future payments to a new account number. Obviously, his scheme worked -- at least for a time. But the question remained: Why would he target a trade association?

BEC is a sophisticated form of phishing, a cyber scam that tricks users into trusting illegitimate emails. A number of security measures can detect and flag these emails, and most large organizations already have them in place. By contrast, smaller organizations’ budgets are, well, smaller, and non-cybersecurity issues may take greater priority. As a result, few small businesses have the protocols, procedures and protections in place to red-flag phishing emails.

Small businesses should take immediate action to increase security measures against email compromise threats because, according to First Business Financial Services, 38 percent of victimized companies are SMBs in all industries. This attack method isn’t abating, so taking precautions is your safest bet.

Related: 3 Biggest Cybersecurity Threats Facing Small Businesses Right Now

Ironclad security on a limited budget

Just because a small business knows it’s at risk of cyberattacks doesn’t mean it can start multiplying its cybersecurity budget. Luckily, spending more is not as important as spending smartly. Targeted protections may not stop every attack, but they can stop the most common and the costliest. To prioritize business security, focus your efforts on these steps:

1. Implement email sender authentication standards. 

Email is particularly vulnerable to spoofing and remains a leading security risk because users feel confident and secure in their inboxes. Business email compromise and other phishing schemes often spoof senders, but implementing authentication standards can protect against spoofing.

Start by putting in place standards that address email sender authentication. These include Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting and Conformance. Require the partners you do business with to also implement these email authentication standards.

2. Tap into outside experts.

Sender standards are effective, but they are also quite complex to implement and maintain. If protecting a company’s security were easy, the FBI wouldn’t have received more than 4 million complaints of internet crime between 2000 and 2017. For small businesses, the best solution is to seek out trusted providers or partners that provide useful tools to help in the implementation of these standards.

3. Take a multilayered approach to security. 

Cyber scams are designed to bypass common security measures, and implementing sender authentication standards doesn’t guarantee that the inbox is threat-free. Make sure layered security includes impersonation filtering to identify domains that are one character off from a trusted domain. Also, institute internal email filtering that can block external emails that look like they are from an internal user. Taking a layered approach aids in the identification of multiple techniques used in BEC attacks. 

4. Create a process for authorizing wire transfers.

Confirm the legitimacy of any wire requests or changes to payment addresses. Call a verified individual or phone number. Do not use contact information from the email chain that's making the request.

5. Educate users. 

In spite of all the available technology, users remain a critical line of defense. The more they recognize risks and understand threats, the more likely they are to avoid malicious emails and dangerous behaviors. Incorporate user education as a key way for to boost cybersecurity. According to recent reporting in the Wall Street Journal, one of the main reasons that employees resent attending cybersecurity training is that they are sent only when they’ve made a mistake, so the training is construed as punishment. To combat this negative association, reward your employees for their good cybersecurity habits, too. 

Related: 6 Tips to Stop Hackers from Stealing Your Data and Your Business

Small businesses aren’t just the most likely targets of cybercriminals; they are also the biggest victims. Larger companies can survive disruptions and can afford the recovery effort, but many small businesses cannot. With attacks on the rise, cybersecurity has become an existential threat to small businesses. It’s imperative to adjust your security measures to keep your email inboxes -- and your business -- protected.

More from Entrepreneur
Our Franchise Advisors are here to help you throughout the entire process of building your franchise organization!
  1. Schedule a FREE one-on-one session with a Franchise Advisor
  2. Choose one of our programs that matches your needs, budget, and timeline
  3. Launch your new franchise organization
Discover the franchise that’s right for you by answering some quick questions about
  • Which industry you’re interested in
  • Why you want to buy a franchise
  • What your financial needs are
  • Where you’re located
  • And more
Make sure you’re covered for physical injuries or property damage at work by
  • Providing us with basic information about your business
  • Verifying details about your business with one of our specialists
  • Speaking with an agent who is specifically suited to insure your business

Latest on Entrepreneur