Pause and think about all the people at your company who could be targeted for a phishing scam – finance staffers, purchasers, executives.
Now consider: Are you fully confident all those people know exactly what phishing is? Is it possible some don’t even know the basic definition?
Fact is, at many companies, there’s a big knowledge gap. When asked, “What is phishing?” in a survey from security company Proofpoint, only 52% of U.S. workers answered correctly.
Why this is so concerning: The same survey found that 74% of U.S. companies fell victim to a successful phishing attack last year. And it’s worth noting that’s well above the global average of 57%, and it’s a 14% year-over-year increase.
The correlation is clear. Since nearly half of employees don’t know exactly what phishing is or how to spot it, when they’re targeted by fraudsters, they fall for scams that can result in substantial monetary losses.
Time to train?
In light of this outlook, it’s important for CFOs to think about whether corporate fraud and phishing education needs to be more of a focal point at your company. It’s especially worth considering now, with creative coronavirus-related phishing scams popping up everywhere. And given the financial hardships of the pandemic, companies can’t afford to face unplanned monetary losses.
So, take some time to think about the training and knowledge you provide for your people. Specifically, how often do you discuss phishing as a team or as a company? Does IT keep employees alert to threats?
Then consult with your managers to get their opinion on how well-educated (or not) their staffers are. You could also talk to other executives, since criminals often impersonate the top brass in phishing scams.
Afterward, if you have even a slight amount of doubt or uncertainty regarding your company’s phishing knowledge, look into how and when you can allocate more time or resources toward the cause.