Every year, phishing scams cost businesses around half a billion dollars. No company is immune, and, even more important, not all phishing scams are created equal. Even if you think you’ve already put up a solid defense against things like email scams and other social engineering tactics, your business may still be vulnerable. Phishing schemes can come in many forms and are often initiated by individuals you might not expect…including your competitors.

Believe it or not, that’s exactly what happened to me a few weeks ago. We received an information request from our Agnostic Technologies website that, on the surface, looked like a legitimate lead. It was from a woman who said her boss had asked her to choose a new IT service provider. She was ready to sign a new contract, but in order to narrow down her choices and make a final decision, she asked us to complete a comprehensive list of questions about our services.

Securing our own IT services customers involves investigating strange emails and educating our customers on how to recognize scams, hacking and phishing. Something about the email, and the sender’s inability to answer a return phone call, triggered my spidey sense and I decided to do a little digging. As it turns out, the woman behind the email happened to be married to a man who had recently started up a local IT services company. The request wasn’t a lead at all. It was an attempt to get information about our products, specific features and confidential pricing that could presumably be used to further their own business. I politely declined the request but offered to meet and network with them to see how we could help each other. I am still waiting to hear back…

The fact is, phishing doesn’t always involve malware and viruses. It’s not always perpetrated by some unknown cyber-criminal with intent to steal identities or access financials. In many cases, it could simply involve a creative attempt to obtain sensitive information, as in the scenario provided here. Had I not had the experience, had we not trained employees on suspicious emails and fraud attempts, we could easily have handed over sensitive data about the company, including pricing and other proprietary information, to a competitor. I happen to know, from others in the industry who have done market research by simply calling up competitors and getting proposals and pricing right over the phone, that there is typically no resistance to this. Most companies have not trained their employees at all about what information they can give out freely.

This isn’t the only way your company’s sensitive data can become compromised either, nor is it only an issue for any one particular department. In fact, phishers target different individuals for many different reasons. For instance, executives, administrative assistants and human resource representatives are frequently targeted. In reality, no employee is off-limits.

Likewise, many different tactics can come across as completely innocuous: requests for details about proprietary business practices, inquiries about customer lists, submission of fraudulent orders and a whole host of other strategies for gathering information. Most importantly, since these types of phishing scams don’t involve malicious files, suspicious links or risky attachments, preventative measures like firewalls and anti-virus software are rendered ineffective.

If you think your team would never willingly hand over inside information, you may want to think again. In fact, an incredible 72 percent of employees admit that they would share sensitive, confidential or regulated company information under certain circumstances. In other words, the odds are against you.

So, what’s the solution? How can you prevent your sensitive business information from falling into the wrong hands and costing your company money?

The key is education. The best way to prevent your employees from inadvertently giving out classified information is to raise awareness of the many risks and teach them what red flags to look for. Creating a security-minded culture within your company and making sure every single employee understands just how important his or her role is in keeping data secure will ultimately reduce the risk of human error and ensure that what could have potentially happened to our company never happens to your company.

At Agnostic Technologies, we provide secure, reliable and comprehensive IT services that cover all of your IT needs in one simple plan – including proactive employee education on cyber security. To request a consultation, simply complete this form or give us a call at (617) 718-5454.