Small Business Cybercrime. PHOTO: Cybercrime Magazine.

Small Businesses Need To Hook Their Employees On Cybersecurity

Phishing simulation can reduce cyber threats by 30 percent

Steve Morgan, Editor-in-Chief

Northport, N.Y. – Sep. 17, 2019

Cybercrime is no laughing matter.

Frank Zinghini, CEO of Applied Visions, Inc. (AVI), a Long Island, N.Y. based software engineering firm, and the developer of Comic-BEE, is dead serious about defending against cybercrime.

An impromptu visit from Cybercrime Magazine to one of AVI’s branch offices drove home the point. “Do you know what a phishing scam is?” we asked one of their programmers, amidst a half-dozen of his colleagues. “Yup,” he responded, without hesitation, as his co-workers nodded affirmatively. “In fact, we just recently received a fake email (a simulated phishing message designed to test the employees) from our IT team — and we knew what it was. We didn’t click.” (Zinghini wasn’t there, and he was unaware of our visit.)

Zinghini practices what he preaches — and it trickles down to all of his employees. It’s helped AVI — with eighty employees (the bulk of which are software engineers) spread across offices in Northport, N.Y.; Clifton Park, N.Y.; Durham, N.C.; and Murrysville, Pa. — earn a stellar reputation for secure application development. It’s also helped his small business avoid being stung by a cyberattack, more than 90 percent of which are initiated by phishing scams. That’s not to say that AVI is phish-proof, but their employees know how to detect and react to cyber intruders.

We asked Zinghini, whose main office is down the block from Cybercrime Magazine’s East Coast studios, to join us for a roundtable discussion with two cybersecurity experts — Scott Schober, author of the popular book “Hacked Again” and a well known media personality, and Kyle Metcalf, CEO of Inspired eLearning, a security awareness company based out of San Antonio, Texas.

Nearly half of all cyberattacks are committed against small businesses. 60 percent of small companies that suffer a cyberattack are out of business within six months, according to the U.S. National Cyber Security Alliance. A Better Business Bureau survey found that for small businesses — which make up more than 97 percent of total businesses in North America — the primary challenges for more than 55 percent of them in order to develop a cybersecurity plan are a lack of resources or knowledge.

Which small businesses avoid cyberattacks, and remain in business? The ones with a CEO who is aware of the risks, and what to do about them.

“Every business that uses software — which is pretty much every business — should be doing what they can to mitigate the risks in this digital wilderness,” says Zinghini. “One of the biggest risks to your cybersecurity is your employees. I don’t mean to say they’re downloading your data and selling it on the Dark Web or something — although that has happened, it’s unlikely. What’s more likely is that your employees might unwittingly provide access to a criminal.”

What to do about it?

Zinghini says that good training is the first step in creating a culture of security awareness. “The training materials Inspired eLearning provides are great for that, and equally important is the phishing simulation we discussed. The only way to enforce training is to challenge and test your people to see how well they have absorbed the lessons.”

“You’re 30 percent less likely to click on a phishing email if you send a (phishing) simulation to your employees once a month,” according to Metcalf. His company offers a tool that is used to send fake phishing emails of varying degrees of difficulty to their employees — to figure out who’s going to click on it.

If not?

“Security awareness is something you need at every level of your organization, in every department,” says Zinghini. “If you don’t have a training program on this topic, you need one. Cybercrime isn’t going away; it’s only going to get worse. Businesses unready for the next threat tend to serve as examples for everyone else.”

AVI is doing its part to help others. They’ve worked with the U.S. Department of Homeland Security (DHS) to create Comic-BEE, which provides interactive comic-book stories that teach non-technical users the consequences of their cybersecurity choices. “Like those “choose your own adventure” books you remember, each scene in the comic ends with a choice,” explains Zinghini. “Reader choices alter the narrative and move the story in one direction or another. That means users can see which choices they might make in a given situation, and witness the outcome of that choice.”

There are 30 million small businesses currently operating in the United States that need to stay safe from phishing attacks, malware spying, ransomware, identity theft, major breaches and hackers who would compromise their security, according to Schober.

A good starting point for any small business owner is Inspired eLearning’s phishing prevention resources and tips. Train yourself on the number one technique used by cybercriminals, and then train your users on it.

Cybercrime Magazine may be dropping by your offices — so don’t let your employees get caught with their pants down!

Inspired eLearning Archives

Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.

Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions.

Sponsored by Inspired eLearning

At Inspired eLearning, we are committed to delivering eLearning solutions of the absolute highest quality, ones which don’t simply check a box, but which drive positive and measurable changes in organizational culture as well. We want to help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations, and maximize the return on their investment in organizational training with our eLearning for employees.