As a small business owner, you may not have the luxury of a big budget for cyber security. But that doesn't mean it should take a backseat.
More than a third of cyber-attacks on businesses involve phishing - the act of sending fraudulent emails with the aim of accessing vital information such as passwords and even credit card numbers.
According to research, 84% of Malaysian SMEs fell prey to cyber fraud incidents in 2018.[1] And the potential economic loss Malaysia could sustain due to cyber crimes is estimated at a whopping RM49.15 billion.[2]
So there are compelling financial reasons for knowing how to spot the signs of phishing and how to protect your business.
But what exactly is phishing? And what should you look out for?
How to spot phishing emails
Phishing scams exploit the way we're inclined to think and act. They try to make you give away sensitive information about yourself, your business and your finances.
A typical phishing email may look like it's from your bank or a popular social media network. But it contains a link to a webpage created by the fraudster to capture your password or gain access to your computer.
There are several signs that an email may be a phishing attempt. David McCaw, Global Head of Cyber security Education and Awareness at HSBC, suggests that before opening the email or selecting any links or attachments: "Take a moment to think 'Was I expecting this email? Does it look right?'"
Common signs of a phishing email include:
- an unusual sender. While it might show the name of a familiar bank or company, a closer look reveals that the email comes from an address you don't recognise.
- deceptive links. Hovering over a link will show you the actual URL that it will take you to. It could be a completely different website or a misspelt version of a popular website.
- a sense of urgency. Phishing emails often claim you'll get into some kind of trouble if you don't respond quickly. This could be in the form of a fake demand from the Inland Revenue Board of Malaysia or a notice telling you that you might miss out on a tax refund.
- impersonation. Cyber criminals may pose as CEOs or senior executives and send emails to your employees in an attempt to trick them into paying bogus invoices and sharing sensitive data.
Equip your employees with knowledge
Cyber criminals look for the weakest link when planning their attack - often, this might be an employee. "Think of your employees as a human firewall," McCaw says. "The more they know what to look out for, the less likely they'll pay a fake invoice or share passwords with third parties."
Here are a few ways your employees can keep their personal data and information about your business safe.
- Double-check, the traditional way. If you suspect an invoice you received by email is fake, call the company directly to verify that it's real.
- Scrutinise the small stuff. Is the logo in the email blurry? Do the payee bank details on the invoice match what you have on file? If something doesn't look right, put the email in quarantine (a location on the server to store suspected spam temporarily) or delete it.
- Stay vigilant. Fraudsters may target small businesses by phone as well. If you get a suspicious call, note down the time, number and company that the caller claims to be working for. Speak to the company on their official number to check if the call was real.
- Cyber security training. This is offered by more and more accredited bodies, and is a good way to ensure everyone in your firm knows what to look for and how to respond if a breach occurs.
Encrypt your data and back it up, preferably offsite
As cyber security threats increase in volume, it becomes more a case of when you'll be targeted than if. But you can act now to prepare yourself against attacks.
"Encrypt your data and back it up, preferably offsite," McCaw suggests. "And don't forget the small things that can make a big difference. Automatic software updates that pop up while you're in the middle of something can be annoying. But the longer you put these updates off, the longer you're vulnerable to cyber-attacks."
If you think you've been a victim of phishing:
- Report it to the police
- Let your bank know immediately
- If you have cyber crime insurance, contact your insurer
- Consider cyber crime prevention training for you and your employees
You can also speak to your Relationship Manager or call our contact centre at +603 8321 8888 for any enquiries related to HSBC Fusion.
The content above is intended for informational purposes only and should not be treated as business advice.
HSBC does not endorse any recommendations from third parties mentioned in this article.