
To Improve Your Cyber-Security, Go Phishing!

Business Article - Susan Solovic
Susan Solovic, The Small Business Expert, is an award-winning entrepreneur, an attorney, a New York Times best-selling author, a media personality and a highly sought-after keynote speaker.


I don’t think there’s any question the world is getting more dangerous every day, if only because our reliance on technology gives the bad guys more ways to get to us.

If people and companies with incredible resources, like Sony, HBO, and the DNC, can get hacked, what chance does a small business owner have?

Frankly, because of your size and your ability to monitor and communicate with your employees, I think you have a better chance to avoid cyber-disasters than bigger operations – if you are proactive about protecting yourself online.

Types Of Phishing Scams

It seems that the biggest vulnerability right now is phishing email. These are emails designed to look legitimate and lure the recipient into clicking on a link. The link may download malicious computer code or trick the user into entering personal information on a bogus – but legitimate-appearing – website.

In the case of the download, the users may believe they are receiving a Word file, an invoice, or some other document that is typically sent via an email attachment. In the case of entering personal information, users are often told their bank account, PayPal account, or some other entity needs them to verify information or their account will be suspended.

Employee training, regular reinforcement, and updates are at the core of your ability to protect your business. Not long ago I directed you to a couple of online cyber-security quizzes that can help you get your team up to speed on the basics. Checking, testing, and monitoring your employees must be an integral part of your strategy.

Send Simulated Phishing Emails

Given the current dangers, one of the best things you can do is to set up a program that sends simulated phishing emails to your employees to train them as well as test their knowledge and vigilance. There are various free and paid services that will send these faux (phaux?) phishing emails to your team to see how they react. (I have a list below. Note that a few require good technical knowledge.)

You need to tell your employees they should expect to receive these testing and training phishing emails as part of your cyber-security program. The simple expectation of receiving these emails will heighten the awareness of your employees, which is one of the best benefits of the strategy.

You need to have a company email address to which these phishing emails can be forwarded; employees need to have an “action” they can take when they suspect malicious online activity. Further, you need to examine and discuss these phishing emails in meetings. When you do this, the activity begins to act like your body’s immune system – you develop protection against each phishing email style and strategy. Your “immunity” builds and becomes stronger over time.

Paid and Free Phishing Simulators

Here’s the list. Some are DIY and free and have a fairly easy user interface. Other DIY applications require more technical know-how. Finally, several companies are offering simulated phishing emails as either a stand-alone service, or part of a cyber-security training package.

