Secure Your Startup Against Phishers With These 3 Tips

You didn't take candy from strangers when you were a kid; don't take the bait as an adult.

By Daniel Riedel Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.


Phishers -- unscrupulous Internet lurkers who try to get your username, password, credit card number and other sensitive information by posing as trusted sources -- know there's a big pool of money out there. And, more often than not, to get it, all they need to do is cast a line and wait for prey to bite.

Even Mattel, that household-name manufacturer of children's toys, took the bait in a recent high-profile phishing scam. When an unnamed executive at Mattel received an email (ostensibly from CEO Christopher Sinclair) requesting a $3 million bank transfer, she approved it without a second thought.

Had the executive not made an off-handed remark to Sinclair later that day about the transfer, Mattel would have been on the hook for those millions.

Phishing may be the oldest trick in hackers' playbooks, but -- as demonstrated by Mattel's recent snafu -- it's remarkably effective. In fact, phishing cracks the door for more than 90 percent of hacking attacks.

The most devious of these phishing attacks are spear-phishing attempts such as the kind perpetrated on the toy company. In this clever variation on traditional phishing, spear phishers collect information about a target's network to create email bait that appears to be from a trusted source.

And while most companies think they're equipped to handle these advances, more and more businesses are being tricked by phishers into releasing confidential information.

Little fish make big markets.

According to FBI data, business email-compromise schemes, such as phishing, cost companies $1.2 billion in 2015. And while one might assume that these low-tech, high-yield scams take disproportionately from the pockets of corporate giants, data shows small businesses to be the primary prey.

In 2015, the National Cybersecurity Institute found that 38 percent of spear-phishing attacks targeted companies with fewer than 250 employees. In comparison, just 25 percent of attacks were perpetrated against companies with more than 2,500 employees.

The reason? Hackers know that small businesses are more worried about getting off the ground than spoofed emails or international scammers. Essentially, entrepreneurs don't expect to be targets.

Entrepreneurs who utilize two-party authentication of transfers are somewhat protected, but even that security measure couldn't save Mattel from a clever attack. The only way entrepreneurs can truly prevent phishers from snagging them is through cultural awareness and communication.

Get phishers' lines out of your pond.

No matter how much training employees receive, a specious sender can still slip under the radar. Entrepreneurs, here's how to create a secure environment that keeps phishers out:

1. Step away from the inbox.

As soon as a request for classified information or a wire transfer hits an employee's inbox, his or her first step should be to pick up the phone. This applies in particular to commonly targeted departments, like accounts payable or account services.

And if anyone, regardless of the department involved, receives a request for passwords or credit card information -- the proverbial "keys to the business" -- he or she should contact the supposed sender immediately to verify the request.

For example, when my CFO received an email asking for approval of an invoice, he Slacked me to check that I had indeed sent the invoice. Upon investigation, we discovered the invoice to be a phishing attempt, and, worse, it was loaded with a Trojan virus. Our double-check system paid off, and the invoice was deleted.

2. Trust, but verify.

The recent DocuSign scam was a huge wake-up call for businesses and individuals. Even when working with a trusted third party, check that the browser's "http" has switched to "https," which signifies a safe, encrypted connection. When you're in Google Chrome or Internet Explorer, a lock icon in the URL bar verifies you're in safe territory.

It may seem like wasted time, but a minute spent verifying a software request in your inbox is better than explaining to your team how you let a scammer steal $3 million. If in doubt, show the request to an IT professional; these are people who'll never fault you for being cautious.

3. Make caution your guide.

If something seems amiss, it probably is. For instance, if you receive an email from your office manager who writes that she "forgot her password," don't just fork over the information. Until you've investigated, assume it's a scammer in disguise.

Think back to your playground days: Even if the man with the candy seemed nice, your mom told you to assume he was out to get you until you learned otherwise. So, be cautious: Make a phone call to the organization, individual or help desk. The extra work was worth it when you were a kid; it's worth it now.

No one wants to be paranoid, but with so much on the line, it pays to pay attention. When in doubt, get out of the inbox and on to the phone, watch for insecure connections and trust your gut about fishy requests. Don't get hacked; get smart.

Daniel Riedel

CEO of New Context

Daniel Riedel is the CEO of New Context, a San Francisco-based systems architecture firm founded to optimize, secure, and scale enterprises. New Context provides systems automation, cloud orchestration, and data assurance through software solutions and consulting. Previously, Daniel founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.
