For any company that does business on the Internet, online security is a growing concern - and for good reason. With malware such as viruses, Trojans, and worms just waiting to infect operation-critical computers, it’s crucial that businesses remain eagle-eyed when handling online communications and transactions.
Of the many online threats to your business, one deserves extra attention: “spear phishing.” The damage it can cause may be something that you can never recover from and, in an unsettling twist, it’s lurking in one of the tools that you use and rely on every day – your email.
Email scams or phishing attacks are nothing new. Cybercriminals have long been sending countless fraudulent messages to unsuspecting recipients to lure them into sharing personal and financial information. Spear phishing, on the other hand, is more insidious because it targets specific individuals or companies, much like how a fisherman targets a fish with a spear instead of a net.
Here’s how it works.
A scammer researches the name and contact information of an executive, or the names of a group of employees, at a specific company. He then sends his targets personalized emails that refer to critical business matters and include, for example, purported links to confidential reports or an attached PDF supposedly containing a legal subpoena. The link or attachment is, of course, nothing but a ploy to get the target to click on a malicious link or download a keylogger that enables the attacker to harvest confidential business information such as customer data and credit card information.
So, how do you protect yourself and your business from these email scams? Here are some steps you can - and should - take.
Educate yourself and your employees about phishing
Most IT professionals are familiar with email scams, but your other employees may not be as knowledgeable. Allocate time and resources to train everyone in your company, including your executives, about the dangers of phishing and how to spot it.
Assign a qualified full-time employee to oversee IT security
Paying for a full-time employee to take care of your IT and online security needs is a lot cheaper than having to do damage control once a breach occurs as a result of phishing. It also gives your company an in-house resource that your employees can consult whenever they receive a suspicious-looking message.
Create and institute strict policies to protect data
Identify which information should be considered private or confidential and set up protocols for handling it properly. Also, implement best practices such as encrypting sensitive data, and make it a policy that employees never open any suspicious email but instead forward the suspected phishing message to your IT guy for expert investigation and disposal.
Use readily available security tools
Invest in Internet security, firewall, and anti-spam software and make sure they are up to date. Modern web browsers also have built-in anti-phishing features, so make sure you’re using those as well. For protecting your company’s internal network, take advantage of smart cards for increased security and accountability.
Phishing attacks continue to be a real problem for many businesses, including banks, online vendors and even Internet service providers. It’s important that you equip yourself and your company with the necessary tools and knowledge so you don’t swallow the bait hook, line and sinker.
For expert advice in strengthening your company’s online and physical security, consult with our ID security experts at 1-800-667-1772. Calls are toll-free. You can also reach us via email.