Cyber criminals specializing in the field of phishing are becoming craftier and craftier. These individuals are undermining businesses both big and small, and across several different industries. The simple truth is no one is safe from a security breach. Phishing emails are one of the top security concerns of 2017.
According to the Verizon 2016 DBIR, 30% of phishing emails are opened by the receiver, and phishing is the number one delivery method of cyber attacks. IT departments are sophisticated organizations that act continuously to protect business assets, but one small hole can lead to major consequences. Employee email is that one small hole.
How are hackers using phishing emails to gain access? They do this in several ways. Cyber criminals are craftily embedding links into emails that redirect employees to an unsecured website, where they’re then asked for sensitive information.
And it’s not always obvious. In 2017, when Google was targeted by a sophisticated phishing campaign, Gmail users were prompted to re-enter their username and password in a heavily corporate-branded email with credible-looking reply addresses and URL links. The scam worked, with as many as one million Gmail users being victimized.
Hackers can gain access to your system through phishing emails. Malicious email attachments and Trojan security breaches are often started through phishing campaigns. Hackers spoof sender addresses in an email to appear reputable and request sensitive information. These examples occur frequently.
The phishing threat is real, and businesses are actively preparing employees to detect phishing emails.
Business IT departments are actively running mock phishing exercises with employees to help them determine where education is lacking. The City of Los Angeles’ Information Technology Agency conducted a very similar test with their employees. What did they find? The city IT team sent messages informing employees that they had a package waiting for them. When they clicked the package, they ultimately gave access to a virus. Employees who clicked the malicious link were then shown a 90-second training video, educating them on the danger of phishing emails. When the exercise was run again, the email open rate was cut in half. These are the actionable results businesses want to see from employee training.
Now, use the following actionable steps in your own business.
Regularly perform phishing tests against staff to gauge awareness level.
How aware are your employees of this potential threat? As humans, we learn best by doing. It’s important to provide your employees with tangible and relatable experiences that they can then adopt into their daily workflow. By performing regular and informative phishing tests, you can realistically gauge how well your employees are defending against phishing.
Show relatable and real phishing examples.
Providing top-notch examples is a purposeful way to directly tell your employees what they need to look for in phishing emails. The internet provides several examples and training programs to aid you with completing this task.
Create a testing process, procedure and reward system for when employees perform well.
Too often, businesses only train employees after a cyber attack has occurred, or to satisfy a compliance requirement. To prepare employees actively, the process and procedures need to be baked into the daily routine and strategy of the business.
In other words, have an effective security education program. If the employee performs admirably by not clicking a malicious link, reward the employee. Employees will then know how to reproduce the desired behavior. In contrast, if an employee doesn’t meet the testing standards, don’t blame or publicly criticize. The idea is not to make the entire team hate the IT department. Educate, inform and reward in an effective and positive way.
Create an accountability culture in your business.
The seriousness of detecting and defeating phishing emails needs to be communicated throughout the business to all employee divisions. The management team should aim to create an accountability culture, where everyone in the organization is responsible for protecting the business’s assets. This responsibility isn’t just given to the IT department. All employees need to be included, even senior management, to ensure an effective and functioning accountability culture.
Phishing emails are on the rise. Train employees effectively to ensure your business data is secure.