Watch CBS News

Cyber Threat: 4 Ways To Protect Your Small Business From Phishing


Phishing. You've most definitely heard the term, but you may not quite understand what it is or how it can affect your small business. Phishing is the term given to those awful people who use the internet to break into your website to steal things like usernames, passwords and credit card numbers, or other sensitive information. Even if you don't keep a lot of sensitive information on your site, you may be surprised how much data can be found by some unscrupulous person who happens to break into your site. This is why it's more important than ever to keep your systems and your business protected from such issues. Here are a few ways to help protect yourself and your customers from phishing attacks.



Just because you're small

If you're a small business, you may think that phishers aren't going to focus on you. You'd be wrong. Unfortunately, in 2015, the National Cybersecurity Institute discovered that 38 percent of phishing attacks were aimed at companies that had less than 250 employees. This is because hackers are well aware of the limitations of those smaller businesses and know that it's much easier to break into them. Small business owners are too worried about marketing, sales, human resources and everything else that goes into a business to place much focus on protecting their data, which is just what all those hackers are hoping for.


Look at where your going

When searching the web, whether you're looking for information for your business or accessing your bank account on line, there are some small things you can check to make sure you haven't wandered down the wrong rabbit hole. Every internet browser will show a lock in the URL bar to signify that the site is secure. You'll also want to look for "https" versus "http" in the URL to signify a safe and encrypted website.


Teach caution

It seems so simple, but you want to ensure all your employees tread with caution. If something seems off or even just a little weird, it probably is worth investigating. For example, if you get an email from an employee who needs the security code on the back of the company credit card, don't just email it over. Call her to ensure that it's not a scammer. You'll want to have a discussion with your entire staff about safe internet protocol, how not to give out secure information and what steps you have taken to protect your company, your employees and your customers. Make caution the standard for your organization, and your employees will follow suit.


Pick up the phone

Make picking up the phone standard practice in your business. Every time a request comes in that includes any sort of sensitive information, such as a request for a password, email address, bank account number or anything else, it should be required that your employee picks up the phone to talk to the person who issued the request. It's far too easy to duplicate an email address, so this small measure will help ensure that only the authorized people are getting access to sensitive information.



This article was written by Deborah Flomberg of for CBS Small Business Pulse.


View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.