We’ve been hacked…

…but it is only a list of names and email addresses, nothing too sensitive.

How many times have I heard this?

Let’s think for a moment about how phishing works. You receive an email apparently from a well-known bank, asking you to update your details.  Perhaps you don’t have an account with this bank so you feel rather smug and think you would never fall for a trick like this – after all the banks keep saying they would never send an email asking you to do this.  Perhaps you do have an account with this bank and just maybe you fall for it – after all, how could the baddies know you have an account with this bank?  If you click on the link you will be directed to a fake website; it is very easy to copy branding and create a very genuine looking website.

You’re probably not very likely to fall for a fake bank email, especially if it doesn’t address you by name. It might be slightly more convincing if it uses your name. Let’s consider a different scenario.

Computer Law Training Ltd is a small company with a small, but growing, contact list. Now, if someone managed to obtain a copy of this list and copied our branding, they could send emails, perhaps newsletters including web links, to all of our contacts. If this was done well, nobody would suspect that an email from such a small company was phishing, so most people would probably click on a link. That link would download malware, possibly in the form of a keylogger, which would record every key pressed on a computer and send it directly to the original hacker.

Attacks on small businesses’ information are becoming more common and are very effective as defences are typically more easily breached.  Once the information is obtained it can then be used very effectively to obtain valuable information from contacts in the form of bank details, logins etc.

It is essential, even for small businesses, to keep information secure.