SMBs are increasingly aware that they are targets for cybercriminals, according to a 2019 survey conducted by Zogby Analytics on behalf of the US National Cyber Security Alliance. Almost half (44%) of companies with 251 to 500 employees said that they had experienced an official data breach within the past 12 months. The survey found that 88% of small businesses believe that they are at least a “somewhat likely” target for cybercriminals, including almost half (46%) that believe they are a “very likely” target.

The damage is real and extensive, a point well illustrated by the FBI’s Internet Crime Complaint Center (IC3) annual report. In 2020 alone, the IC3 received 19,369
business email compromise (BEC)/email account compromise (EAC) complaints, with adjusted losses of over $1.8 billion. For those who don’t know, BEC/EAC is a sophisticated scam targeting both businesses and individuals performing transfers of funds.

Thirty-three percent of the breaches included social attacks, the second-most utilized tactics after hacking, states the 2019 Data Breach Investigations Report.

The aim of this handbook is to help introduce social engineering and its risks to every employee in the company