
How to protect your business from phishing scams

Phishing emails are one of the most common types of cyber-attack affecting UK businesses. According to recent research, 45% of UK organisations have been affected by phishing scams in the past two years.1

So, what exactly is a phishing scam and how can you protect your business?

Phishing scams – what are they?

A phishing scam is a type of online scam where criminals trick users into giving up sensitive information such as passwords or bank details. This information gives hackers access to important accounts, compromising personal or business data.

A breach in cyber security could have huge fallout for businesses, especially in cases of identity theft or fraud. Businesses could suffer financial loss through theft, disrupted cash flow and business interruption, as well as suffering long-term damage to their business reputation. 

Here are some of the most common types of phishing scam you need to watch out for:2

  • Invoice scam: You receive an email from an attacker impersonating a supplier, partner company or bank provider. The email claims you have an outstanding invoice and requests that you click a link or enter payment details, giving the attacker access to your business bank account.
  • Download scam: A download scam is where a hacker impersonates a trusted or recognised contact, tricking you into following a link or downloading an attachment. Clicking the attachment installs malicious software onto your device, giving the hacker access to sensitive data on your system.
  • Compromised account scam: You receive an email from a third-party company claiming that your account has been compromised. The email asks you to reset your password, giving the hacker freedom to access your sensitive information.
  • Payment and delivery scam: A cyber-criminal impersonates a legitimate supplier or vendor your business has recently used. By requesting updated payment details, the hacker attempts to trick a member of your staff into handing over company bank information in order to continue the purchase.

Defending your business against phishing scams

Phishing scams are the most common type of online scam, with 90% of cyber breaches starting with phishing emails.3 However, they are also easy to arm yourself against.

Take some of these simple steps to help safeguard your business against cyber-crime:

  • Raise awareness: Make your employees aware of the danger of phishing scams, encouraging staff to be more vigilant when responding to suspicious emails.
  • Educate your employees: Front-line staff are your last wall of defence when it comes to phishing scams. Conduct training sessions for your employees with mock scenarios to help them identify phishing emails.
  • Install antivirus software: Keep antivirus software up to date on all your business equipment.
  • Have a recovery plan: Create a reliable recovery plan to help minimise the damage posed by a cyber breach, recover data quickly and keep your business running as smoothly as possible.

Protect your business against phishing scams

What to look for in a cyber insurance policy

A good cyber insurance policy will respond quickly to help your business recover from a cyber-related attack. This should include compensation for system failures, copyright and damaged hardware. It should also provide data recovery, business interruption cover and liability cover in the case of third-party data being compromised.

Why not check your exposure to cyber risks with our quick questionnaire?

This is a marketing communication

Marsh Commercial is a trading name of Jelf Insurance Brokers Ltd, which is authorised and regulated by the Financial Conduct Authority (FCA). Not all products and services offered are regulated by the FCA (for details see marshcommercial.co.uk/info/terms). Registered in England and Wales number 0837227. Registered Office: 1 Tower Place West, London EC3R 5BU. FP20.068b


1 Zywave 2020 - Most common phishing techniques doc 
2 Zywave 2020 - Most common phishing techniques doc

Adam Jeffs
Account Director of Marsh Commercial Reading Branch, 20 years’ experience in the insurance industry looking after a wide variety of clients with particular specialisms around Technology and Fintech risks.