A growing threat that has been on the rise and cannot be ignored for home furnishings businesses is the threat of a cyberattack. According to CyberSecurity Magazine, 61% of small to medium-sized businesses (SMBs) have reported at least one cyberattack during the previous year, and 43% of all data breaches now involve SMBs. While these statistics are alarming, the good news is that many cost-effective things can be done to significantly reduce the risk of a successful attack and ensure the ability to recover should an incident occur. In this article, we will discuss what small home furnishings businesses can do to help mitigate the risk of a retail cyberattack.
EMPLOYEE TRAINING
We can all agree that our employees are our greatest asset. But when it comes to cybersecurity, they can also be our greatest risk. Researchers at Stanford University found that 88% of all data breaches are caused by an employee making a mistake. This has been a consistent trend in cybersecurity for many years, but it can be avoided with persistent cybersecurity awareness and policy training for our employees.
For context to this problem, let’s examine one of the many ways hackers attempt to trick our employees into making a mistake.
PHISHING
Phishing is a form of social engineering and is a common technique used by hackers to trick employees into divulging company information or to download malicious code. This technique takes advantage of all our best employees’ traits: trust and a desire to help others.
Phishing attacks can occur through email, text messages, instant messaging, social media, or phone calls. The common thread of a phishing attack is to present an immediate problem to our employee and ask for their help. Below is an example:
The hacker sends a text message that looks like it is coming from a supervisor or co-worker.
The link in this message contains malicious code that, when clicked on, is immediately downloaded to the employee’s device. If the right protections are not in place, it can spread throughout your network.
How easy can hackers pull off this type of social engineering?
I sent this message using a Spoofing tool. The tool enabled me to change my phone number and contact name to that of Karen Witkowski (our new marketing manager at SensCy). I then went to LinkedIn and downloaded a photo of Karen. I uploaded that image to the Spoofing tool, and you see the result. When people change jobs, they announce it on LinkedIn. Hackers view this information as an opportunity to trick your employee into making a mistake.
According to a recent report in Forbes, employees of small businesses with less than 100 employees will experience 350% more social engineering attacks than employees of larger enterprises. Why is this happening so frequently? Hackers have realized that small business employees need more consistent training on identifying social engineering to deal with these situations.
There are a few clues in the above message that, with the proper training, employees will recognize:
First, there are two errors in the text. Karen is spelled incorrectly, and the phrase “as you request” should be “at your request” or “as you requested.” Foreign actors are often behind these types of attacks, and being non-native speakers of English, they regularly make these types of mistakes.
The link appears to be a Dropbox link. SensCy does not use Dropbox in our day-to-day business.
If you look closely at the link, there is an extra “p.” The correctly spelled link would be dropbox.com.
Recognizing these retailer cyberattack attempts requires that you commit to a persistent training program. Employees can become very adept at identifying these fraudulent attempts with practice. Studies have demonstrated that we humans become experts through repetition. SensCy recommends a cybersecurity training program that involves 10 to 15-minute lessons every other month.
It’s important to remember that these attacks target your best employees—the ones who are trustworthy and want to help their teammates. By committing to a cybersecurity education program, you can protect your greatest asset (your employees), safeguard your home furnishings business, and sleep better at night, knowing you are creating a front-line defense against cyber criminals.
