SHOULD YOU GO PHISHING WITH YOUR EMPLOYEES?
BY HUTCHINSON AND BLOODGOOD | November 5, 2020 | TAX TIPS
 
 
 
 


Every business owner is aware of the threat posed by cybercriminals. If a hacker were to gain access to sensitive data about your business, customers or employees, the damage to your reputation and profitability could be severe.

You’re also probably aware of the specific danger of “phishing.” This is when a fraudster sends a phony communication (usually an email, but sometimes a text or instant message) that appears to be from a reputable source. The criminal’s objective is either to get recipients to reveal sensitive personal or company information or to click on a link exposing their computers to malicious software.

It’s a terrible thing to do, of course. Maybe you should give it a try.

An upfront investment
That’s right, many businesses are intentionally sending fake emails to their employees to determine how many recipients will fall for the scams and how much risk the companies face. These “phishing simulations” can be revealing and helpful, but they’re also fraught with hazards both financial and ethical.

On the financial side, a phishing simulation generally calls for an investment in software designed to create and distribute “realistic” phishing emails and then gather risk-assessment data. There are free, open-source platforms you might try. But their functionality is limited, and you’ll have to install and use them yourself without external tech support.

Commercially available phishing simulators are rich in features. Many come with educational tools so you can not only determine whether employees will fall for phishing scams, but also teach them how to avoid doing so. Developers typically offer installation assistance and ongoing support as well.

However, you’ll need to establish a budget and shop carefully. You must then regularly use the software as part of your company’s wider IT security measures to get an adequate return on investment.

Ethical quandaries
As mentioned, phishing simulations present ethical risks. Some might say that the very act of sending a deceptive email to employees is a betrayal of trust. What’s worse, if the simulated phishing message exploits particularly sensitive fears, you could incur a backlash from both employees and the public at large.

A major media company recently learned this the hard way when it tried to lure employees to respond to a phishing simulation email with promises of cash bonuses to those who remained on staff following layoffs related to the COVID-19 pandemic. Users who “clicked through” were met with a shaming message that they’d just failed a cybersecurity test. Angry employees took to social media, the story spread and the company’s reputation as an employer took a major hit.

Plan carefully
Adding phishing simulations to your cybersecurity arsenal may be a good idea. Just bear in mind that these aren’t a “one and done” type of activity. Simulations must be part of a well-planned, long-term and broadly executed effort that seeks to empathetically educate users, not alienate them. Contact us to discuss ways to prudently handle IT costs.
© 2020

 
 
 
 
 

Disclaimer: This material has been prepared for informational purposes only. It is not intended as a substitute for speaking to your accountant, tax planner or financial planner. All information is provided “as is.” With change happening on a daily basis, we do not guarantee completeness, accuracy, timeliness or results obtained from the use of this information.
 
 
 
 
 
 