Digital is now the default. With more businesses turning to cloud-based services – and more employees working from home – the internet has become our most essential working resource.

It should come as no surprise then, that cybercrime is on the rise. After all, the more people log in, the more opportunities there are for hacks, exploits and general digital skullduggery.

To help you protect your business, we've come up with a list of the most common reasons people get phished.

But before we get started – just what is phishing?

Phishing: a definition

Unfortunately, phishing has nothing to do with sitting by a lake watching your line bob up and down in the summer sun. However, there is some truth to the analogy.

Much like fishing, phishing involves "baiting" the user into handing over their personal data or login details. Scammers achieve this with a variety of malicious techniques. These can be as simple as impersonating an existing company, or as tricksy as redirecting users to a malicious site – even after clicking a seemingly legitimate link.

So, no matter who you are or what you know, the threat of an attack is still very possible. Phishers are constantly finding new and more sophisticated scams – beyond the common baiting techniques – and companies are continuing to fall victim to their traps.

What you need to know is how phishing happens – and what you can do to safeguard your business from similar attacks.

Here are four "hows" to get you started.

1. Human error

This is by far the most common weakness in any business.

It's also the most understandable. We've all made the mistake – some time or another – of clicking a link we shouldn't have.

But accidents on a personal computer are one thing. When hackers gain access to an entire corporate network, well… that's a whole different kettle of phish.

If you receive an email that looks even remotely suspicious – even if it's made it past your email security filters – do yourself a favour and check the address. If the subject reads something scary like "your Amazon password has been reset," try not to panic. Instead, you should do a little digging first.

Often, scammers have to substitute certain letters in their email addresses to fool the filters, making the address something like "Amazor".

You might think that you'd notice a mistake like that. However, phishing scams are at their most effective when they distract you emotionally – usually by notifying you of a (fake) breach of security or a surprise refund.

Also, legitimate businesses probably won't use named technicians in these kinds of emails. So if the address looks like "john@amazonsupport.com", it's more than likely not real.

2. Phishing has become more sophisticated

It seems like a forgone conclusion. When you click a link to a URL – or type the URL into your address bar – you expect to end up on that website. Otherwise, it would be like walking into McDonald's and being served a KFC.

Unfortunately, it's not so simple. Using a sophisticated tactic called DNS poisoning, scammers can indeed redirect you to another website entirely.

Often, this fake website will be designed to look like the real deal. So you might click through to bobshardwaresupplies.com, add some items to your cart and check out – all without suspecting a thing.

But if the website has fallen victim to a DNS poisoning attack, those card details you just typed in might be winging their way to a hacker.

Phishers are, of course, exploiting this kind of attack. Unfortunately.

The key takeaway: also browse with a healthy level of suspicion. Keep an eye out for anything suspicious – even if the URL looks perfectly legit.

3. It's a growing market

Scamming is lucrative. Lucrative things are popular. See where this is going?

As more and more criminals join the scam train, it gets harder and harder for companies to safeguard themselves.

Need proof? Consider the fact that one in every 99 emails contains a phishing attack. You literally cannot avoid them – and the bigger your business, the more is at stake.

Remember: be vigilant. And make sure your staff know how to detect a phishing email.

4. It's cheap

Yep, phishing doesn't require much investment at all. In fact, the barrier to entry is almost non-existent. If you've got dodgy morals and you're willing to snoop around some dark and sticky portions of the internet, you can become a phishing scammer. Lucky you.

They say "a fool's born every minute". Well, there's probably a wannabe phisher setting up shop every 30 seconds.

This isn't to say their scams are going to be sophisticated. But it does mean there are going to be more and more of them. Watch out.

The unfortunate truth

Even if you're well versed in cybersecurity, the sheer volume of phishing attacks means you're still at risk. After all, it only takes one "off day" for a scam to slip through the net.

And can you trust your staff to be as vigilant as you? What about the morning after a work party? That's a whole office worth of "off days" waiting to be exploited.

The best you can do is this: stay vigilant. Treat every email and link with a degree of suspicion. And make sure staff are trained in the art of threat detection.

Of course, it's not all about human error. The security of your network and hardware comes into it too. And that's a whole other set of bowling balls to juggle.

Thankfully, you can make managing security a little easier with the help of our cybersecurity software.

It's an easy-to-install app that monitors every device on your business network. If it finds a vulnerability, it tells you how to fix it fast – in plain, simple language.

Simply by following these tips, you can protect your business from 98.5% of cyber attacks – and earn your Cyber Essentials certificate in as little as 24 hours.

Become cyber secure today. Learn more about our cybersecurity monitoring software.