Believe it or not, cybercrime is an industry. An illegitimate industry, sure; but an industry never-the-less. It moves according to trends; as hackers explore the best ways to make money from illicit deeds.

While 2017 was plagued with data breaches and ransomware, experts are warning companies to watch for classic phishing attacks in 2018. No matter what type of business you operate, protection against cyberattacks is key to your survival.

Below, CyberPolicy discusses the dangers of phishing attacks and how to avoid them.

Will You Take the Bait?
According to researchers at Google and UC Berkeley, phishing poses a greater threat than data breaches when it comes to account compromise. How is this possible?

"For some people, Google controls most of their identity online, writes CSO. "And losing access to that critical account could be devastating.

Here's an example. Let's say your small business leverages Google's free business tools.  
Your employees use Gmail for all of their online communications and Google Drive to share and save files. Everyone in your organization loves the ease of use. But this amenity leads to complacency.  

This is when hackers strike. One of your employees receives an email from Google saying their account has been unduly accessed. It reads: The only way to save their account from deletion is to sign in with your username and password. Frantically, the employee shares their login information with the sender. Now the hacker has access to the employee's emails, documents, and anything else saved on Google's services.

"Data collected by Google shows that 80 percent of all the phishing kits observed targeted usernames, passwords, and geolocation; followed by phone numbers and device details, writes CSO. "For this reason, Google explained, it was determined that phishing posed the greatest threat.

And it's not just Google services you need to worry about. Phishers also target banking credentials, social media passwords, and just about everything in between.

Get Off the Hook
Phishing has been around for a long time. This is good news for businesses like yours because it means that the techniques to combat it have already been tested. While spam filters and antivirus programs can stymie malicious emails, the best technique is behavioral. By training your staff to recognize online scams, you can prevent suffering an attack.  

Here are some examples:

• Advise your staff to look for spelling and branding errors on the emails received. This can be as simple as an off-color Wells Fargo logo or "an alert from Google.
• Tell your staff to double-check the sender's address. If an employee receives an email from the CEO but doesn't recognize the address, it might be a forgery.
• When in doubt, follow up. Not sure why the CEO is asking for banking information over email? Just walk to her desk or call him on the phone to confirm the request. It could save you from a social engineering attack.

Hopefully, your small business never suffers a data breach, email scam, or cyberattack. But accidents happen. And clever crooks are hard to stymie forever. That's why you need to invest in cyber insurance. This helpful service will financially assist you in the event of a cyberattack.

Find the perfect coverage for your small business. CyberPolicy is here to help!