Small Business Phishing Attacks
Staff should only have basic email privileges so the lowest level rights needed to perform their job.
Administrator accounts have many more access rights if unauthorised access is achieved can be far more damaging than basic user account.
Two-factor authentication (2FA) attackers won’t be able to access your account even if they know your passwords.
Think about your usual working procedures and how you can help make common tricks less likely to succeed.
Examples: Unusual requests / Invoices, Impersonating banks
If any suspicion you must take steps to scan for malware and change passwords immediately.
Attackers use publicly available information to make their phishing messages more convincing.
This can be from your website or social media accounts.
Identify ways to improve your business operations.