Studies show small to medium-size businesses (SMBs) rely on social media for customer contact and growth. According to SCORE, a research partner of the Small Business Administration (SBA), nearly half of SMB owners cite social media as their preferred means of digital marketing. Moreover, 73% say social channels are their most successful form of digital marketing. That’s why many cybercrooks make social channels in addition to related channels such as texts, emails and phones—their favorite attack vectors. Their method involves deceiving users to gain access credentials, which they use to steal proprietary data or lock valuable databases. Then, criminals demand ransom payments and/or sell purloined information through illicit digital marketplaces. Here are some common “social engineering” techniques used by bad actors:
• An email or text asking receivers to click links to fake websites that capture credentials
• Phone calls asking recipients to call back rather than click a link
• Junk messages, usually delivered by email, that encourage addressees to download attachments that deliver malicious programs such as ransomware
According to the FBI’s Internet Crime Complaint Center (IC3), during the last five years most of the more than three million grievances filed involved SMBs. How can SMB leaders deflect this criminal onslaught? We recommend training as the solution because informed employees are your best defense. Teach staff about policies, protocols and products that insulate your business from cyber-exposures.