How to Protect Your Small Business From Personalized Cyberattacks

Small businesses (SMBs) are increasingly targets of cyberattacks and are often financially devastated by a single successful attack. Even with a significant network of security tools in place, SMBs can be caught off guard by the increasing number of attack methods threat actors choose to employ. However, with the following information, SMBs can safeguard their business and their employees from two common attack types: executive impersonation and business email compromise (BEC).

One of the most crucial things to watch out for is executive impersonation, which can start with a spear phishing attack on a key member of the executive team. A successful initial attack will lead to the compromise of the individual’s phone number or email account, providing a threat actor with both a window into internal events and a means to request funds transfers or commit other financial theft. Interestingly, once successful, the threat actor may also monitor the same executive’s social media accounts and wait until they are on vacation or out of the office before making first contact.

This is not directly part of the attack vector; however, it is an effective surveillance tool.

Identify Attacks

These types of phishing attacks are on the rise because they rely on human error rather than software or operating system vulnerabilities. Mistakes by well-intentioned employees are less preventable and predictable, but they can be identified and thwarted if recognized quickly. WMC Global recommends companies employ a service that monitors for active phishing attacks and for client interaction or compromise. Thus, when an employee in a business makes a mistake and visits a malicious site or provides credentials to a thief, the event can be identified quickly, and the company warned in real time.

Securing Small Businesses Against BEC Attacks

When looking to secure small companies, the importance of employing BEC alerting also cannot be overlooked. According to the FBI, in 2021 small businesses lost upwards of $2.4 billion in email scams, including BEC attacks. Why are BEC attacks so successful? The threat actors do their research and are very selective about who they target. They complete full background profiles and potentially dox their targets as well. When employees fall for and submit credentials in these types of attacks, urgent action is needed to prevent damage and protect critical business systems.

So, how can small businesses protect their employees from these attacks in both the short and long term?

1. Train Your Employees. Make sure to train employees about the signs of social engineering attacks at least quarterly. Emphasize identifying and avoiding phishing attacks sent not only to the business email but also via SMS phishing messages.
2. Develop Procedures for Critical Processes. Ensure that your company has documented policies for making changes to key financial procedures, especially external payments to suppliers and partners.
3. Test Your Employees. Run simulations to ensure that your employees can identify and report both phishing and social engineering attacks.
4. Keep Travel Plans Private. Key executives should avoid exposing personal travel plans on social media, especially on overseas trips. Threat actors will take advantage of difficult and limited communications in these situations to impersonate key business executives and make requests that are hard for the company to validate effectively – back to the need for the development of procedures for critical processes.
5. Continue Defense Measures. Leverage special intelligence that can identify if a business employee clicks on a malicious link or that urgently notifies the company when an employee’s email or credentials are recovered from an active phishing attack.

Guarding SMBs

It’s critical for small businesses to understand that they will always be vulnerable to cyberattacks, but the above measures can provide defense for companies from threats that lead to executive impersonation and business email compromise. Following these five tips, SMBs will be well guarded against any attacks launched against their organization. Staying vigilant can be a decision that ultimately liberates a small business from threat actors and marketplace attack trends.

Ian Matthews

Ian Matthews is co-founder, President and CEO of WMC Global. He is a co-inventor of mobile in-market monitoring and leads the ideation of spam and threat mitigation efforts. Over the last 5 years, Ian has diversified the company customer base from telco-centric to include financial services, cybersecurity, and government agencies. He has, in turn, expanded the product suite to include a full range of compliance, risk assessment, and cybersecurity solutions. In the last two years alone, Ian has doubled the number of customers who rely on WMC Global's services. Prior to WMC Global, Ian co-founded and led a mobile ad consulting company, assisting international content providers with the transition to the US market primarily through helping to engage with carriers and facilitate program launches. His work in SMS interoperability contributed to the successful launch of SMS as a major force in the United States in the early 2000s. Ian has worked with Fortune 500 companies and major industry associations on mobile threats, digital content piracy, compliance standards, and consumer protection.