Cyber Monday Sale! 50% Off All Access

Do You Know Your Risk of Cyberattack? Small businesses are a primary target, federal officials warn. Here's how to assess your own risks -- and minimize them.

By David Wagner

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Business email compromise is the bane of small businesses, because these phishing scams target companies with minimal processes, protocols and protections in place -- like those too small to have extensive cybersecurity budgets. According to the FBI's Internet Crime Complaint Center, business email compromise costs more than $675 million in damage in 2017, so the June arrests of 74 cyber criminals in the United States and abroad was a triumph for both large and small companies.

Even though one cyber gang has been taken offline, dozens remain. Earlier this year, the U.S. House Committee on Small Business warned small businesses that hackers are targeting and attacking them with the most sophisticated threats ever, and at an increasing rate. More alarmingly, committee members said, there is reason to believe hackers will continue to primarily target small businesses from now on.

Related: 4 Easy Ways to Protect Your Company From a Cyber Attack

The trickle-down effect of cyber crime

In March, a New York man pleaded guilty to defrauding a Virginia-based trade association out of more than $1 million. He used classic business email compromise tactics, such as mimicking the email address of a known travel vendor and asking the trade association to send future payments to a new account number. Obviously, his scheme worked -- at least for a time. But the question remained: Why would he target a trade association?

BEC is a sophisticated form of phishing, a cyber scam that tricks users into trusting illegitimate emails. A number of security measures can detect and flag these emails, and most large organizations already have them in place. By contrast, smaller organizations' budgets are, well, smaller, and non-cybersecurity issues may take greater priority. As a result, few small businesses have the protocols, procedures and protections in place to red-flag phishing emails.

Small businesses should take immediate action to increase security measures against email compromise threats because, according to First Business Financial Services, 38 percent of victimized companies are SMBs in all industries. This attack method isn't abating, so taking precautions is your safest bet.

Related: 3 Biggest Cybersecurity Threats Facing Small Businesses Right Now

Ironclad security on a limited budget

Just because a small business knows it's at risk of cyberattacks doesn't mean it can start multiplying its cybersecurity budget. Luckily, spending more is not as important as spending smartly. Targeted protections may not stop every attack, but they can stop the most common and the costliest. To prioritize business security, focus your efforts on these steps:

1. Implement email sender authentication standards.

Email is particularly vulnerable to spoofing and remains a leading security risk because users feel confident and secure in their inboxes. Business email compromise and other phishing schemes often spoof senders, but implementing authentication standards can protect against spoofing.

Start by putting in place standards that address email sender authentication. These include Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting and Conformance. Require the partners you do business with to also implement these email authentication standards.

2. Tap into outside experts.

Sender standards are effective, but they are also quite complex to implement and maintain. If protecting a company's security were easy, the FBI wouldn't have received more than 4 million complaints of internet crime between 2000 and 2017. For small businesses, the best solution is to seek out trusted providers or partners that provide useful tools to help in the implementation of these standards.

3. Take a multilayered approach to security.

Cyber scams are designed to bypass common security measures, and implementing sender authentication standards doesn't guarantee that the inbox is threat-free. Make sure layered security includes impersonation filtering to identify domains that are one character off from a trusted domain. Also, institute internal email filtering that can block external emails that look like they are from an internal user. Taking a layered approach aids in the identification of multiple techniques used in BEC attacks.

4. Create a process for authorizing wire transfers.

Confirm the legitimacy of any wire requests or changes to payment addresses. Call a verified individual or phone number. Do not use contact information from the email chain that's making the request.

5. Educate users.

In spite of all the available technology, users remain a critical line of defense. The more they recognize risks and understand threats, the more likely they are to avoid malicious emails and dangerous behaviors. Incorporate user education as a key way for to boost cybersecurity. According to recent reporting in the Wall Street Journal, one of the main reasons that employees resent attending cybersecurity training is that they are sent only when they've made a mistake, so the training is construed as punishment. To combat this negative association, reward your employees for their good cybersecurity habits, too.

Related: 6 Tips to Stop Hackers from Stealing Your Data and Your Business

Small businesses aren't just the most likely targets of cybercriminals; they are also the biggest victims. Larger companies can survive disruptions and can afford the recovery effort, but many small businesses cannot. With attacks on the rise, cybersecurity has become an existential threat to small businesses. It's imperative to adjust your security measures to keep your email inboxes -- and your business -- protected.

David Wagner

President and Chief Executive Officer, Zix

David Wagner serves as the president and chief executive officer of Zix, an email security company based in Dallas.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Real Estate

Why Real Estate Should Be a Key Part of Your Wealth-Building Strategy in 2025 and Beyond

Real estate remains a strong choice for building wealth in 2025 and beyond, from its ability to generate passive income to offering long-term appreciation and acting as a hedge against inflation.

Business News

'I Stand By My Decisions': A CEO Is Going Viral For Firing Almost All of the Company's Employees — Here's Why

The Musicians Club CEO Baldvin Oddsson fired 99 workers at once over Slack for missing a morning meeting. But there's a catch.

Marketing

How to Beat the Post-Holiday Sales Slump and Crush Your Q1 Goals

Overcome the post-holiday sales slump and keep the momentum strong with these key tips.

Franchise

Subway's CEO Steps Down Amid a Major Transition for the Sandwich Giant

John Chidsey will step down at the end of 2024, marking the close of a transformative five-year tenure.

Business News

'This Company Has Been My Life': Intel CEO Retires, Reportedly Forced Out

Intel CEO Pat Gelsinger has led the company since February 2021 and said his departure is "bittersweet."

Franchise

You Can Start These 10 Franchises for $10,000 or Less

Many budget-friendly franchise opportunities are in industries with high demand, such as home services, cleaning or mobile businesses.