Yup, we know. You clicked on this link because we name-dropped John Oliver in the title. Therefore, without further ado, let’s let John Oliver himself introduce this important topic for small business cybersecurity.
That was a great intro piece that explained why consumers need to be wary of robocallers, but it didn’t do much to explain the impact of malicious robocalling on your small business. In our opinion, this was a big oversight on John’s part because small businesses are in greater danger from illegal robocalls than consumers are.
Get the facts in today’s article.
Remember that frightening section near 6:00 when cybersecurity expert Jim Stickley got Jeff Rossen’s mother’s Social Security Number? What kind of information was that terrifying giggling robot at 10:00 trying to get? In the cybersecurity industry, we have a name for when a scammer calls someone and tries to get private data. It’s called vishing.
Vishing, a combination of “voice” and “phishing,” is the whole point of malicious robocalling, so even though John Oliver didn’t use the proper term in his report, he still described it quite well.
As you saw in the video, phone scammers (both robots and humans) use a wide variety of tactics to get access to private data, and they often succeed. However, when a vishing scammer calls a consumer, they can only get data from a single person (the target) because most people don’t have access to other people’s private data.
Businesses, however, store a lot of data on a lot of people.
Think about this:
I don’t think I know anyone who could rattle off their best friend’s credit card number or Social Security Number from memory. I also don’t think I know anyone who has a file containing their best friend’s financial or personal data, because that would be super creepy.
However, there are many businesses here in Seattle that store data about their clients, so while I may not be able to look up my best friend’s personal or financial data, you might be able to if my friend is one of your customers.
Let’s think about the implications of that for a moment here:
In this kind of scenario, I have a feeling that my best friend’s data would be revealed. I think that the data leak (AKA costly breach) would be even more likely if the scammer supplied partial data during the call, such as my friend’s email address, home address, last four digits of his credit card, or phone number.
As cybersecurity expert Brian Krebs reports, that method of supplying partial data is exactly what clever vishing scammers are doing these days.
So, let’s say that my best friend’s data was revealed.
If he had revealed the information himself, he’d be able to file a complaint with the police and, if the data was credit card data, he could reverse any illegal charges and cancel the card.
If your business revealed his data… well, that’s another story entirely.
I’m not going to spend time creating a bullet point list of how your company’s mistake would play out in the courts, The Seattle Times, or your revenues. You can imagine all that for yourself.
Instead, I’ll just remind you of all the information you handle.
In addition to storing customer data, your business also stores employee data. You probably use a few business credit cards, and your company account holds more money than your personal account. And each of your employees has personal data that they’d freely give out if someone called them claiming to be in HR or Accounting.
In short: Companies are a much bigger target for vishing scammers because they offer a vastly bigger payoff.
The FCC has a long list of recommendations to help consumers protect themselves from illegal robocalling scammers but, honestly, the FCC recommendations are laughable when you try to apply them to a small business.
I mean, how is your company supposed to thrive when you’re directed to: avoid calls from unknown numbers and hang up on unknown callers; not respond to any questions, especially those that require you to say “yes”; and hang up on callers who claim to be from a company or government agency?
I’m serious! Those are the FCC’s actual recommendations!
Since robocalling is already a lot worse this year than it was last year (1500 robocalls were placed each second in 2018, but nearly 2000 robocalls per second were placed in March 2019 alone), and since experts suggest that deepfakes will be the next evil innovation in robocalling, I figured you could use a few helpful pointers that can improve your small business cybersecurity practices, especially when it comes to vishing attacks.
If you want some help setting up your policies, researching and implementing anti-robocall software, training your staff to identify phishing and vishing scams, or tightening your small business cybersecurity stance, Interplay can help.
Since 2001, Interplay has been helping Seattle-based businesses get more done at work with less hassle, through a combination of hands-on service, around-the-clock network monitoring, after-hours patching and updates, vendor and software licensing management, and other critical IT services.
And we’re happy to help you tackle vishing attacks and other cybersecurity hazards at your business.
Social engineering scams like vishing are hard to protect against, which is why criminals use them so often. That’s why the best idea for maintaining small business cybersecurity is to have a Plan B that protects you no matter what.