5 Easy Ways to Protect Your Small Business from Phishing Attacks

Stephen Moramarco
January 31, 2018 by
Stephen Moramarco

Your business is vulnerable to phishing attacks, no matter what size it is. According to the 2016 State of SMB Security Report, half of the 28 million small businesses in the US have been breached; most of these attacks begin with an email that has a malicious link or attachment.

One of the most notorious examples last year was a scam that sent a phony “shipping information” email to 3,000 small businesses. Pretending to be from UPS, the email had a link that claimed to be tracking information; instead, it contained malware that infected many computers.

Role-appropriate training to your entire workforce

Role-appropriate training to your entire workforce

Get a free year of cybersecurity skills training with your security awareness training purchase.  

A small business likely doesn’t have an IT department or a big budget, and it can be difficult to figure out exactly what to do to about phishing vulnerabilities. Don’t worry; we’ve taken care of that for you with this list of 5 ways to protect your small business from phishing attacks.


  1. Install a good antivirus program and spam filter. It’s a very simple step that many businesses forget, but these tools are essential to catching phishing emails and malware before they end up in an inbox. Popular spam filters include SpamAssassin and SPAMfighter Pro; antivirus software includes Avast, Norton, and Symantec. Do a little comparison shopping and find the one with the most features, best reviews, and competitive price.

This is a fake updater, via

  1. Update all your software. It’s also very important to make sure every computer you are using has the latest version of all software, including Internet browsers. Many worms and other types of malware exploit vulnerabilities that the new updates fix. However, you need to be aware of fake update warnings, which are actually cleverly disguised malware. Therefore, if there’s an option to update the software automatically, do it.
  2. Purchase cyber insurance. Regular business insurance rarely covers cyber attacks. If (when?) your company falls victim to a successful phishing attack, there are potential damages that can put you out of business. In fact, Symantec reports that 60% of businesses go under within six months of a breach. Therefore, it makes sense to shop around for a good policy that can help with recovery.
  3. Educate your employees. Many people simply aren’t aware of the true dangers or think that, because the business is small, it’s not vulnerable. The best way to do this is to create an educational program or use an existing one that can teach how to identify and avoid clicking on suspicious emails and other important security tips.
  4. Drill, drill, drill. An often overlooked component of anti-phishing security is real-world testing. This involves creating and sending phony “phishing” emails to unsuspecting staff. These emails should run the gamut of typical tactics - asking for a password reset, requesting a money transfer, or even offering “free pizza.” If someone clicks the link, instead of being phished, however, they are taken to a landing page informing them of their error.
  5. A screenshot of a sample landing page

    If you’d like to take care of Numbers 4 and 5 in one fell swoop, join InfoSec Institute’s award-winning SecurityIQ platform. One part of it is called AwareEd, which consists of customizable education modules that include videos and quizzes. The other area is called PhishSim, which contains a phishing simulator, as described above.

    Both AwareEd and PhishSim are completely automated. You import the contacts, create or choose the modules or templates, and SecurityIQ takes it from there. All activity can be remotely analyzed and monitored in the dashboard.

    There are many more features that make SecurityIQ essential for any small business serious about security. Right now, we are offering a free 30-day trial of the Premium account which includes unlimited emails and learners. Join today!

    Get six free posters

    Get six free posters

    Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.

    Stephen Moramarco
    Stephen Moramarco

    Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.