While phishing attacks continue to grow, many small business budgets are not. So how do you protect against phishing emails and the ransomware, malware, and scams they contain?

You get creative, that’s how. But before looking at ways to be more efficient, let’s recap the security obstacles SMBs face.

Small Businesses are Big Targets.

Cyber-attacks against corporate titans dominate the headlines. And it’s true, they suffer enormous financial and reputational damage. But they usually bounce back. After all, they have deep resources.

Help Create
Active Defenders

Our new study shows why email
reporting — human action — is the
beating heart of a strong phishing


Smaller businesses don’t. In the last 12 months 55% of SMBs say they have suffered a cyber security attack while 50% suffered an actual data breach. SMBs are tempting target because small companies have small IT teams and often lack dedicated security staff, making it easier for criminals, once they’re in, to steal data or funds for extended periods.

According to the National Small Business Association, small businesses on average absorb over $20K in costs per attack, with SMBs spending nearly $900K to clean-up after an actual data breach. Ouch. Cofense has found that over 90 percent of breaches begin with a phishing email.

This brings us back to our challenge: reducing the threat with limited bucks and hours in the day.

When the Going Gets Tough, the Tough Get Smart.

Here are 6 common-sense ideas for reducing your phishing risk.

1. Back up all data frequently and completely.

It’s one way to avoid paying ransom in the event of a ransomware attack, or possibly paying less if most of your data is still accessible.

2. Identify the types of attacks that would hurt your business the most.

This is risk management 101. For example, if ransomware is your biggest concern—say, your access to patients’ medical files or customer bank accounts will be blocked—focus on what you can do to prevent a ransomware attack. One popular way is to…

3. Train your employees to recognize phishing emails.

Since most security breaches begin with phishing it makes sense to condition users to know phishing when they see it. “See something, say something” indeed.

4. Simulate phishing attacks to condition employees to stay alert.

Practice makes better, if not perfect. The only way your last line of defense—the employees that attackers target—will hold up against clever ruses is to look for them in their inboxes. You’ll want a simulation service that offers the phishing scenarios your company faces. For example, Cofense PhishMe offers scenarios that range from basic to advanced, with the ability to customize emails using your company name, logo, and more.

1:1 Demo
Powerful Solutions

We'll talk with you about your company's
specific needs and provide
demonstrations of our
recommended solutions.


5. Give your users an easy way to report suspicious emails.

Arm your employees with a one step process for alerting your IT team to potentially malicious emails. For instance, add a reporting button to employees’ email toolbars, this alerts your team of potential phishing attacks in real time and it helps keep your users engaged. It’s a simple tool they can wield as deputized members of your security team.

6. Last but not least, use free stuff.

Two freebies you should try: Cofense CBFree, a set of computer-based security training modules, and PhishMe Free, a simulation tool exclusively for small businesses. With PhishMe Free, you can launch your anti-phishing program at no cost or supplement current efforts.

There you go, 6 smart ways your SMB can fight phishing. Want to get started now? Learn more about PhishMe Free.

Free Training Helps Secure Against Phishing Attacks. Learn More about Cofense PhishMe Free:

Top 5 Reasons Why Companies Choose Cofense®

More Companies Trust Cofense: Cofense has over 1,000 customers worldwide, including over half of the Fortune 100.

Global Customer Support: Cofense is the only enterprise-grade phishing threat management solution fully staffed across the globe, supporting customers in more than 50 countries.

World Class Phishing Research: Our dedicated research and intelligence teams continuously discover indicators of phishing in the wild, delivering the most authentic and deepest spear phishing simulation and incident response resources available.

Discovers Real-Time Phishing Threats: While other solutions rely on simple machine learning to predict risks, Cofense leverages human intelligence to detect and respond to actual phishing threats bypassing your organization’s security layers in real time, drastically reducing threat susceptibility.

Rooted in Security, Founded by Experts: Cofense’s founders and executive leaders are well seasoned security professionals with more than 80 years combined experience in the cybersecurity and threat management landscape, delivering tremendous value through decades of experience.