
Phishing and Raising Awareness

As many of our community will know, over the past 12 months, Startup Croydon has doubled our staff count as we deliver new projects, including the Creative Digital Lab and the E-Business Programme.

This growth has offered much learning to us as a team as we navigate the expected challenges of cash flow and marketing. The surprise challenge has been cyber security and especially new team members being targeted by phishing emails.

90% of all cyber attacks begin with phishing

Our team has been targeted several times by phishing emails that appear to come from our CEO. They are primarily urgent-style messages asking staff to purchase gift cards for Apple.

The messages come from a different email address and have been followed up with a text message from the CEO’s named phone (not the real one).

The urgency that is created comes hand in hand with the fast pace of a startup business, and extra vigilance and education are needed by all staff to avoid making expensive mistakes.

As we support small business owners and are so embedded in the community, we feel it’s important to share this experience to raise awareness and prevent any other growing businesses from having the same experience.

Advice that we have learned along the way:

  • Staff members are to be made aware that this is happening and to slow down and double-check that the email address is the correct address before engaging.
  • Be sure to communicate with all staff but particularly new staff about communication style.
  • As a team leader, share your mobile number so your staff will know whether they’re talking to you or not.

Rajan Amin, from Coversure Insurance Brokers, emphasises that experiencing a cyber attack is inevitable—it’s just a matter of when and how. The primary entry point for hackers remains phishing emails, posing a significant risk to personal and financial data. To bolster protection, it’s crucial to get informed and, at the very least, implement the Cyber Essentials scheme. Government-backed, it outlines five fundamental security controls that can mitigate 80% of common cyber attacks. For those seeking further security, the option of Cyber Essentials Plus includes vulnerability tests.

A simple rule Rajan follows is: if you receive an email from an unfamiliar sender requesting you to open a file or click on a link, either delete it immediately or forward it to your IT team for verification.

Considering the increasing availability of Cyber Insurance across various business sizes and types, Rajan suggests that Cyber Insurance should be a fundamental consideration for all businesses when assessing their insurance needs.

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024

Phishing is a form of cyber-attack where attackers impersonate legitimate entities to deceive individuals into providing sensitive information such as usernames, passwords, credit card details, or other personal information. This is typically done through emails, instant messages, or other communication channels that appear to be from trusted sources.

Phishing poses several dangers, primarily targeting personal and financial information:

Financial Loss: Once attackers gain access to financial information, they can use it to make unauthorised purchases or transactions, leading to financial losses for the victim.

Data Breaches: Phishing attacks targeting employees of companies can lead to data breaches. If an employee unwittingly provides access credentials or other sensitive information, it can compromise the security of the entire organisation’s network and data.

Reputation Damage: Individuals or organisations who fall victim to phishing attacks can suffer damage to their reputation. This is particularly true for businesses, as customers may lose trust in a company that fails to protect their data.
