Talk to Us Today Experienced a Breach?

News

img

Taking the Bait: Email Phishing in the Workplace

Email phishing is the fastest growing online crime method. The good news is, you can protect data and employees by implementing proven strategies.

74 percent of U.S. organizations experienced a successful phishing attack in 2020. That’s 30 percent higher than the global average and up 14 percent from 2019.

Phishing is a tried-and-true method by which hackers access business systems and data. Techniques continue to evolve, and consequences of successful attacks include:

  • Data loss
  • Credential/account compromise
  • Ransomware infection
  • Other malware infection
  • Financial loss/wire transfer fraud

Add to these the time, money, and human resources spent on remediation, and phishing wreaks havoc on company profits and customer trust. To avoid attacks, organizations must foster security awareness by following these steps:

1. Champion awareness through training.

Training should be engaging, include real-world scenarios, and teach employees to check the legitimacy of hyperlinks and sender addresses. Explain how staff can use this knowledge to avoid phishing attacks in their personal lives.

2. Conduct regular phishing exercises.

Test user awareness on a regular basis to keep a pulse on the effectiveness of your training program. Keeping risks fresh in employees’ minds will contribute to resilience. Consistent testing will also help to identify users who may need more training.

3. Develop a system to report phishing attacks.

Make it easy for staff to report possible phishing attempts, such as with a “Report” button in the company email client. False reports will still show that employees are on guard. Managers and IT staff should adjust training content based on what users report. Best possible scenario: an employee reports an actual phishing scam.

It’s important to remember that employees will make mistakes while they get up to speed. Executives should consider if, and how, to implement consequences for clicks on malicious emails. That said, one staff member’s slip-up can affect the entire organization. Training and testing should reinforce the idea that everyone is responsible for security.

To learn more about effective security awareness training, read our white paper: Unscammable: The Guide to Fostering a Culture of Security Awareness.


HOW HARDENED IS YOUR NETWORK?

Our Hardened Network Assessment, the first online self-assessment of its kind, will measure your network security posture and generate a customized report in just a few minutes.

Take the test

Related Articles

img

What's New

Malicious Insider Threats and Indicators

Insider threats can be invisible to standard security measures like firewalls. Use these tips for more robust detection.   Protecting your company data requires more than just technical measures and securing the perimeter—i

read
img

What's New

Solving the Cybersecurity Skills Shortage

The cybersecurity skills shortage is increasing breaches and making hiring increasingly difficult. Here is what businesses should do now. The growing shortage of qualified cybersecurity professionals makes it increasingly difficult f

read