While there are too many types of cyberattacks for business owners to stay on top of throughout their daily lives, they’ve more than likely come across phishing scams in their inboxes at some point or another. Phishing scams are designed to steal information or install malware on devices or desktop PCs. Scammers can be very clever with their phishing techniques. Sometimes, even the best of us fall victim to these attacks. When we do, these scams can deliver significant damage to our businesses.
The bad news is phishing attacks aren’t going away anytime soon. The total number of phishing sites detected in Q3 2019 was 266,387 — an increase of 46 percent from Q2 2019, according to a new phishing activity trends report published by Anti-Phishing Working Group (APWG), an international coalition dedicated to unifying the global response to cybercrime across various industries.
If you think you’ve been phished, don’t panic. Stay calm. There are several actions you, as a business owner, can take to minimize the attack’s damage to your company’s systems, networks, and data.
Disconnect your device or PC from the internet pronto
Immediately disconnect from the internet to prevent malware from spreading to other devices on your network. Now, there are a couple of ways to do this. If you’re using a wired connection, which is probably the case if you’re using a desktop PC at work, unplug the internet cable (it’s more than likely in the back of the computer tower); however, if you’re using a laptop, you’re probably connected to the internet via WiFi. Access your computer’s WiFi settings to disconnect from the network you’re on.
Scan your software for malware
Here’s where having immediate access to an IT professional comes in handy. The only way to find out if malicious code has infiltrated your networks and systems is to scan for it; however, this isn’t always easy to do, especially if you’re not a security expert. If you don’t have an IT professional on your payroll or a contract in place with an outsourced IT provider in your area, you’re going to have to do a little work on your end. Perform a full system scan with your antivirus software. When you do this, make sure you’re still offline (even if your software recommends you reconnect to the internet).
Change your usernames and passwords
One of the most important actions you must take after discovering you’ve handed over your credentials to a fraudulent website is changing your usernames and passwords. This is a critical step to ensuring cybercriminals can’t gain access to your company’s data. Here’s something to remember: Don’t use the same credentials for multiple platforms; you don’t want to make it easier for hackers.
Back up your files
Phishing attacks can destroy data. The best way to protect your company’s data from any cyberattack is to perform routine backups (which you can set and forget with various types of backup and disaster recovery (BDR) products); however, if you haven’t backed up your data recently, and you’ve just been phished, back up your data while you’re disconnected from the internet. Having a backup keeps the attack from doing additional damage to your data. Depending on what’s available to you, you can back up your company’s data to external hard drives or to one of the numerous cloud-based storage options, which are relatively inexpensive unless you’re backing up large amounts of data.
The likelihood of you or one of your employees falling for a phishing scam is high; however, with the right strategies in place, you can mitigate immediate damages, prevent further harm and continue conducting business as usual.