Small businesses account for 58% of all breach victims and are especially susceptible to phishing, spear phishing, ransomware, and malware attacks. The only way to have a shot at preventing these attacks is to keep the risks top of mind at all times. If the risks are top of mind, you are more likely to detect attacks and stop them from the start.

The best way to keep cyber risks top of mind is to continuously educate and enforce. Especially during the holiday season, we should all be extra vigilant about any emails we receive or links we open. Here are three crucial tips to always remember when opening an email:

Always check the sender’s email address.

A common type of phishing attack is spear phishing. This means that the sender knows SOMETHING about the victim. In the example above, the sender knew the name of the CEO. In these types of scenarios, check the sender’s email address. This is one of the easiest ways to avoid giving away further information and falling victim to the attack. If the email appears to come from someone you know and asks you to do something, check with them in person first. When it comes to data security, it is always better to be cautious than sorry.


Beware of suspicious content.

If it doesn’t seem legitimate, it probably isn’t! In the example above, I received a UPS delivery notification requiring a signature. At first glance, this email seems normal. On closer inspection, several things are suspicious. There is a generic greeting (not displayed in the screenshot); it is not personally addressed. The formatting is off; “Tracking Number” and “UPS Services” do not line up. There is improper spacing; words are run together or have a space in the middle. Other things to look out for are misspellings and poor grammar or punctuation.


Hover over links before clicking.

Phishing emails generally include some type of link that leads to further ransomware or malware. Before clicking any links, hover over them to check the real destination. In the example above, the link says it goes to Amazon, but after hovering over it, you can see it goes to a redirected source.


If you ever do catch a phish (pun intended), do not click anything within the email and immediately notify your designated IT support. It is important to notify others of the attack to spread awareness and prevent others within your organization from falling victim to the same attack. For tips on what to do if you do get phished, click here.