Your employees don’t think twice about clicking that link

A dangerous assumption: Mid-sized businesses often assume their larger competitors are more likely to be targeted by cyber criminals. 

Cybercrime is a scary area for any business, with recent figures highlighting losses of £1.18m replacing damaged hardware and £2.19m in lost revenue as a result of security breaches, according to the Opinion Matters Working Online survey. 

However, even in light of numerous high-profile corporate hacking cases in recent years, only about six in ten (58 per cent) of SMBs report being concerned about loss of company or customer information, social engineering or employee identity theft.

Stolen data is hugely damaging to business, both in a financial and a reputational aspect. The Opinion Matters research highlighted a particularly sensitive time window for cybercrime in the mid-market, between January and April when payments and transactions to tax and revenue agencies are at their highest. During this time, fraudulent emails and malware designed to compromise IT security are especially prevalent, and extra caution is vital in order to keep financial and personal data out of the hands of cyber criminals.

The most common fraudulent messages directed towards SMBs are designed to appear as if they have come from banks or financial institutions like the HMRC. Alarmingly, only 30.5 per cent of SMBs surveyed would think twice about clicking on a link directing them to the HMRC site. 

Surprisingly, the legal sector is particularly careless here: only 11 per cent are cautious about clicking on links posing as the HMRC. In fact, some 56.9 per cent of SMBs surveyed had received fraudulent emails asking for money, 36.8 per cent had received fake tax rebate emails, and some 12.3 per cent had been directed to a fake government web page before. 

These messages will direct SMB employees to click on links or reset password details in order to gain access to their companies’s data in the style of the following:

1. A secure message is waiting for you, click here to read;
2. Your account will be closed within 48 hours if you do not respond;
3. Please reset your online banking password; and
4. Click the link below to gain access to your account.

Mid-market vulnerability to cyber criminals is compounded by the fact that only a low proportion (on average, a third) invest in IT security to protect their business and ensure tax returns are filled out safely. 

The lack of investment is showing. Without IT security measures, only 57.7 per cent of SMBs surveyed reported being able to spot a fake tax email, while less than a third were confident they could spot a fake website.

Sales, media and marketing, travel and transport and the arts and culture sectors are particularly poor at investing in IT security. In addition, over half of SMBs would open emails from unknown sources and only 43 per cent use spam filters. As a result, 12.7 per cent of businesses surveyed reported having had personal/bank details or money stolen, and 8.5 per cent had been hacked. 

As a means of protection anti-virus software can be installed on mobile devices as well as PCs and should incorporate not only internet security for web browsing, but also firewalls and email defences to block the threats outlined above. 

Additionally, businesses need to educate their staff about fraudulent emails as exercising good judgement is also important. For example, many spam emails claiming to be from banks begin with generic phrases such as “dear customer”. Genuine emails never begin in this format as legitimate sources will know employees’ real names. 

Staff trained to recognise such emails can avoid putting finances at risk by responding or clicking on links. Combining awareness with a robust anti-virus suite is the best way for SMBs to keep their ‘money window’ safe.

Mike Foreman is senior vice president of global sales at AVG Technologies.

Share this story