Army brats like me grew up around the word “readiness”. We knew it meant weeks or even months that a parent was absent for deployment, training for “What if…” scenarios. One of the reasons so many veterans have successfully made the transition to entrepreneurship is that they continue to put readiness first. A recent deal proposed by the FTC serves as a reminder to veteran business owners – and to all business executives – on the ongoing threats to sensitive customer and employee information posed by phishing The best defense: readiness.

Phishing scammers typically contact employees via email, text message, or phone and trick them into clicking a link, downloading a file, or disclosing confidential information. Their goal is to install malware or otherwise access your digital assets. In that recent case, the FTC said the lax security practices of an educational technology company resulted in multiple data breaches, leading to the misappropriation of personal information on millions of consumers. An interesting aspect of the case is the allegation that data thieves went through the digital front door by convincing employees, including some senior executives, to take the bait of phishing scams. The complaint further stated that for a long period of time the company “did not require employees to complete any data security training, including identifying and responding appropriately to phishing attacks.”

Phishing has been around for years – the FTC’s first phishing case dates back to 2004 – but the disturbing news is that both old-school methods and more sophisticated attacks continue to be successful. The FTC has steps you can take to protect your business from phishing scams.

Implement company-wide training. If a person is on your list in any capacity, add them to your data security training list. According to the FTC’s experience, scammers see everyone as potential targets, including interns, temporary workers, contractors, and even people who don’t routinely use sensitive data. Also, none are too important for training. As the recent FTC case shows, scammers don’t stop at C Suite’s door and neither should training.

Schedule regular updates. Training is not a complete box to tick the to-do list. Your business operations likely change frequently, as do the threats you need to defend against. But we all had to attend internal lectures that bring to mind the “Whaa Whaa Whaa” sound effect when adults talk about the special “Peanuts”. The key is to keep the content fresh and engaging with IRL stories, headline news, and other acts of attention.

Look for telltale signs of phishing. There is no 100% accurate test to determine if a message is a phishing scam, but some features can be tip-off, such as misspellings or grammar; requests for gift vouchers, wire transfers or cryptocurrencies; directions for clicking on links or downloading attachments; or a wording that just sounds strange. (An email we recently received: “It is extremely essential that all workers undertake to follow the mandatory measures”.)

Commend employees for developing a skeptical eye. “Is this really a message from the boss telling me to transfer money or send a confidential spreadsheet?” “The caller said they were from tech support, but is that true?” “The email says it’s a link to our new corporate communications platform. Should I click on it? “Encourage your staff to take a moment to think about unexpected emails, messages, or calls. Even if it turns out to be a genuine request, if their instincts suggest phishing may be taking place, applaud the employees who take the time to investigate.

Keep your defenses high while working remotely. Double checking was easier when it came to walking down the aisle to see if a claim was level. But this is not possible with remote workers or business travelers. Encourage your team to pick up the phone and call a number they know is legitimate to determine if a message is a bona fide commercial communication or a phishing attempt.

Our best advice for veterans who own business borrows a buzzword from the US Coast Guard: Always saved (Always ready). Anticipate threats to sensitive data in your possession and train your employees on how to spot scammers trying to infiltrate your defenses. FTC’s Cybersecurity for Small Business resources include a segment on protecting your business from phishing scams. For information on personal financial readiness and other topics compiled specifically for veterans and service members, visit our Military Consumer site.

On this Veterans Day we are honored to honor you and family members whose support has been essential to your service.

Leave a Reply

Your email address will not be published. Required fields are marked *