October isn’t just about pumpkin spice and fall leaves; it’s also Cybersecurity Awareness Month, which aptly fits into the spookiness of the season. And there is one type of email that you should fear and keep on your radar: phishing.
According to the 2023 Verizon Data Breach Investigations Report, an annual report on trends in data breaches and cyberattacks, phishing emails are the top threat for small and medium-sized businesses like florists. Why? Because small business owners can be a little too trusting — and are often overwhelmed. Cybercriminals know this and use tricky tactics to manipulate and exploit business owners.
Cybercriminals use phishing emails to deploy ransomware. Ransomware is like a weed in your garden. Once it takes root in your computer, it locks up your data, preventing you from accessing it. The only way to get your data back is to pay the hackers. But here’s the kicker: Even if you pay, there’s no guarantee they’ll give your data back. And if they’ve nabbed customer information, they might threaten to expose that data unless you pay even more. The Verizon Data Breach Investigations Report found that small businesses paid an average ransom of $26,000.
Here’s how to spot a phishing email:
- Do you recognize the sender’s address? A legit company such as Microsoft or Netflix won’t email you from a Gmail or Yahoo account.
- Is it marked ‘urgent’? Hackers love the ‘urgent’ label. It’s their way of making you act without thinking. If an email screams urgency, take a deep breath and scrutinize it.
- Was the email expected? If you know the sender, were you expecting an email from them? If an email seems out of the blue, call the sender to confirm. Don’t reply to the email directly.
Safeguard your business with these tips:
- Pause before clicking. Always think twice before clicking links or opening attachments.
- Guard your login info. Legit businesses or support teams will never ask for your login details. If they do, trash the email.
- Enable email authentication. Talk to your email provider about enabling authentication to bolster email security.
- Enable two-factor authentication. Passwords are vulnerable to cyberattacks. Two-factor authentication is a simple step that verifies you are the account holder by combining a password, PIN, or security questions with another factor, such as a one-time passcode sent by email, text or app, or a fingerprint or face identification.
Joe Aldeguer is the IT Director for the Society of American Florists.