Is your company making some mistakes that increase your risk of a phishing attack? Simply forwarding a phishing email or not reinforcing security awareness throughout the year can put you in a higher risk category than a company that builds security awareness into its “business as usual.”