When it comes to phishing, small businesses are not only easier to exploit, but sometimes the value is greater than breaching a fortune 500 business. With a lack of training, feelings of humiliation, and fear of consequences, small business employees are more likely to be victim to phishing, and far less likely to report these attempts whether successful or not. This can lead to monumental consequences for the business.
With an industry of over $1.5 Trillion in profits and $6 Trillion in damages in 2018, cyber crime is more active than ever, and Phishing is the go-to method of choice. In 2018, over 80% of American businesses reported malicious phishing attempts, and alone accounts for over 90% of cyber attacks to date. The NSA considers Phishing to be one of the largest threats to national security, and advise businesses take extreme precautionary measures.
Emails are not the only Phishing platform, as phone number spoofing and call manipulation is child's play to a seasoned tech wiz. Imagine being able to listen in on calls between two high level executives, or between someone and their attorney or accountant. Recording these calls are easy as ever and can be used for corporate espionage and identify theft. As a business owner, are you confident that you employees are prepared for the most advanced in spear phishing? Are you confident that you know what to look for yourself? Do you know what actions to take if someone reports that they had been successfully Phished?
Training is the best action that you can take to prepare yourself and your employees for incoming phishing attempts. Knowing not to share information over insecure and unverifiable channels like phone calls, and validating the request for sensitive data over email with someone in person are crucial steps to improving your readiness.