5 Ways to Cut the Phishing Line

  

 

Everyone is vulnerable to phishing attacks. Even the most secure institutions can be infiltrated by one employee clicking the wrong link or opening an infected file. Here are five strategies to help your employees and customers become more resistant to cyber con-artists and encourage them to be human sensors, able to detect messages automated filters miss.  

1. Make it personal.

  • Engage employees and customers by illustrating how this risk, perhaps more than any other, directly affects them. 
  • Present information in an engaging way, like you would to woo new customers. 
  • Share stories from the news about real companies and people caught in phishing scams.
Phishing Stats 4B

2. Remove the stigma.

  • Explain how cyber con artists socially engineer attacks to catch people off guard, and there’s no shame in taking the bait. 
  • Establish a system for reporting phishing and encourage people to report potential infections as soon as possible. 
  • Share stories where high-level people fell for a phishing scam, demonstrating it can happen to anyone.
 

3. Engineer skepticism. 

  • Encourage employees to follow-up with colleagues, even those at the highest levels of the organization, via phone if a request seems strange or a file attachment is unexpected. 
  • Provide an easy way for employees and customers to submit suspicious messages for review.
  • Define inappropriate email requests, such as those asking for passwords or other personal information. 
 

4. Promote message scrutiny. 

  • Teach employees how to evaluate the legitimacy of hyperlinks and sender addresses. 
  • Explain common tricks used in phishing, like replacing the letters with similar characters, as in app1e.com with a 1 in place of the L. 
  • Produce samples of phishing messages on the company website where customers can access them.
 

5. Train continuously. 

  • Distribute instructions on how to avoid scams with examples of the latest phishing tactics several times a year.
  • Conduct phishing simulation tests to improve employee handling of suspicious messages and collect data about who is vulnerable. 
  • Add phishing warnings and links to resources to customer communications where appropriate.
 
There’s no way to eliminate the phishing threat entirely, but combining good cyber hygiene (dynamic inbound/outbound traffic monitoring, up-to-date software and patches, etc.) with effective training can greatly reduce the risk to businesses and their customers.  

 

Resources & Useful Links

2015 Verizon Data Breach Investigations Report

SEC Phishing Fraud Tips 

W-2 Phishing Scams on the Rise in 2016