Seasoned cybercriminals will often develop their own hacking tools after finding vulnerabilities in a business and sell them to less skilled criminals. Phishing is one of those attacks that can be, and currently is being, run by unsophisticated cybercriminals. For as little as $50/month, a criminal can use a phishing-as-a-service product to start their own malicious phishing campaign against your business by this afternoon. Phishing kits are widely available for anyone wanting to jump in and start being a criminal. They will eventually all be caught, but perhaps not until after they have caused your business financial and reputational damage.
As a business leader, if you think you can buy your way out of phishing, you are sorely mistaken. Phishing will always be an attack method that has only one solution, which is cyber education. Phishing is usually what you think of when you think of cyber threats within a business. The media is constantly running pieces about phishing, yet everyone still fails to remember phishing when it really counts: at the work desk.
Here are some ways to decrease your business’s chances of being phished:
- Consistency in cyber education for all employees, INCLUDING executive-level and board-level personnel. Do not think for one moment that you are above education when it comes to phishing. As an executive, lead by example and start taking cyber education seriously.
- Make phishing simulations a teachable moment. The more you can get the entire business talking about phishing, the more likely everyone is to question every email/message/call they receive. Don’t make cyber education and phishing another chore or hoop that an employee must jump through before they can go home and “be off the clock”. Educate them so that they want to take what they have learned home with them and want to teach others about what they learned.