Do You Know Your Risk of Cyberattack?

Small businesses are a primary target, federal officials warn. Here's how to assess your own risks -- and minimize them.

learn more about David Wagner

By David Wagner


Opinions expressed by Entrepreneur contributors are their own.

Business email compromise is the bane of small businesses, because these phishing scams target companies with minimal processes, protocols and protections in place -- like those too small to have extensive cybersecurity budgets. According to the FBI's Internet Crime Complaint Center, business email compromise costs more than $675 million in damage in 2017, so the June arrests of 74 cyber criminals in the United States and abroad was a triumph for both large and small companies.

Even though one cyber gang has been taken offline, dozens remain. Earlier this year, the U.S. House Committee on Small Business warned small businesses that hackers are targeting and attacking them with the most sophisticated threats ever, and at an increasing rate. More alarmingly, committee members said, there is reason to believe hackers will continue to primarily target small businesses from now on.

Related: 4 Easy Ways to Protect Your Company From a Cyber Attack

The trickle-down effect of cyber crime

In March, a New York man pleaded guilty to defrauding a Virginia-based trade association out of more than $1 million. He used classic business email compromise tactics, such as mimicking the email address of a known travel vendor and asking the trade association to send future payments to a new account number. Obviously, his scheme worked -- at least for a time. But the question remained: Why would he target a trade association?

BEC is a sophisticated form of phishing, a cyber scam that tricks users into trusting illegitimate emails. A number of security measures can detect and flag these emails, and most large organizations already have them in place. By contrast, smaller organizations' budgets are, well, smaller, and non-cybersecurity issues may take greater priority. As a result, few small businesses have the protocols, procedures and protections in place to red-flag phishing emails.

Small businesses should take immediate action to increase security measures against email compromise threats because, according to First Business Financial Services, 38 percent of victimized companies are SMBs in all industries. This attack method isn't abating, so taking precautions is your safest bet.

Related: 3 Biggest Cybersecurity Threats Facing Small Businesses Right Now

Ironclad security on a limited budget

Just because a small business knows it's at risk of cyberattacks doesn't mean it can start multiplying its cybersecurity budget. Luckily, spending more is not as important as spending smartly. Targeted protections may not stop every attack, but they can stop the most common and the costliest. To prioritize business security, focus your efforts on these steps:

1. Implement email sender authentication standards.

Email is particularly vulnerable to spoofing and remains a leading security risk because users feel confident and secure in their inboxes. Business email compromise and other phishing schemes often spoof senders, but implementing authentication standards can protect against spoofing.

Start by putting in place standards that address email sender authentication. These include Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, Reporting and Conformance. Require the partners you do business with to also implement these email authentication standards.

2. Tap into outside experts.

Sender standards are effective, but they are also quite complex to implement and maintain. If protecting a company's security were easy, the FBI wouldn't have received more than 4 million complaints of internet crime between 2000 and 2017. For small businesses, the best solution is to seek out trusted providers or partners that provide useful tools to help in the implementation of these standards.

3. Take a multilayered approach to security.

Cyber scams are designed to bypass common security measures, and implementing sender authentication standards doesn't guarantee that the inbox is threat-free. Make sure layered security includes impersonation filtering to identify domains that are one character off from a trusted domain. Also, institute internal email filtering that can block external emails that look like they are from an internal user. Taking a layered approach aids in the identification of multiple techniques used in BEC attacks.

4. Create a process for authorizing wire transfers.

Confirm the legitimacy of any wire requests or changes to payment addresses. Call a verified individual or phone number. Do not use contact information from the email chain that's making the request.

5. Educate users.

In spite of all the available technology, users remain a critical line of defense. The more they recognize risks and understand threats, the more likely they are to avoid malicious emails and dangerous behaviors. Incorporate user education as a key way for to boost cybersecurity. According to recent reporting in the Wall Street Journal, one of the main reasons that employees resent attending cybersecurity training is that they are sent only when they've made a mistake, so the training is construed as punishment. To combat this negative association, reward your employees for their good cybersecurity habits, too.

Related: 6 Tips to Stop Hackers from Stealing Your Data and Your Business

Small businesses aren't just the most likely targets of cybercriminals; they are also the biggest victims. Larger companies can survive disruptions and can afford the recovery effort, but many small businesses cannot. With attacks on the rise, cybersecurity has become an existential threat to small businesses. It's imperative to adjust your security measures to keep your email inboxes -- and your business -- protected.

David Wagner

President and Chief Executive Officer, Zix

David Wagner serves as the president and chief executive officer of Zix, an email security company based in Dallas.

Related Topics

Editor's Pick

Everyone Wants to Get Close to Their Favorite Artist. Here's the Technology Making It a Reality — But Better.
The Highest-Paid, Highest-Profile People in Every Field Know This Communication Strategy
After Early Rejection From Publishers, This Author Self-Published Her Book and Sold More Than 500,000 Copies. Here's How She Did It.
Having Trouble Speaking Up in Meetings? Try This Strategy.
He Names Brands for Amazon, Meta and Forever 21, and Says This Is the Big Blank Space in the Naming Game
Business News

American Airlines Sued After Teen Dies of Heart Attack Onboard Flight to Miami

Kevin Greenridge was traveling from Honduras to Miami on June 4, 2022, on AA Flight 614 when he went into cardiac arrest and became unconscious mid-flight.


How to Detect a Liar in Seconds Using Nonverbal Communication

There are many ways to understand if someone is not honest with you. The following signs do not even require words and are all nonverbal queues.

Growing a Business

Take Action Now to Protect Your Business From a Recession With These 4 Strategies

Business owners can implement these practical measures now to help their businesses grow, even before a recession is officially declared.

Business News

Would You Buy Maggie Murdaugh's Monogrammed Snake Print Pillows? Items From the Murdaugh Family Home Are Going Up for Auction

The sale comes just weeks after Alex Murdaugh was sentenced to two consecutive life terms for the June 2021 murders of his wife, Maggie Murdaugh, and son Paul Murdaugh.

Business News

These Are the Most and Least Affordable Places to Retire in The U.S.

The Northeast and West Coast are the least affordable, while areas in the Mountain State region tend to be ideal for retirees on a budget.

Business News

Mark Zuckerberg Has Promised More Transparency Amid Meta Layoffs — 5 Reasons That's a Smart Strategy

For decades, transparency hasn't been particularly popular among business leaders who manage teams. The times are changing though, and transparency is now gaining traction.