Talk to Us Today Experienced a Breach?

News

img

Taking the Bait: Email Phishing in the Workplace

Email phishing is the fastest growing online crime method. The good news is, you can protect data and employees by implementing proven strategies.

74 percent of U.S. organizations experienced a successful phishing attack in 2020. That’s 30 percent higher than the global average and up 14 percent from 2019.

Phishing is a tried-and-true method by which hackers access business systems and data. Techniques continue to evolve, and consequences of successful attacks include:

  • Data loss
  • Credential/account compromise
  • Ransomware infection
  • Other malware infection
  • Financial loss/wire transfer fraud

Add to these the time, money, and human resources spent on remediation, and phishing wreaks havoc on company profits and customer trust. To avoid attacks, organizations must foster security awareness by following these steps:

1. Champion awareness through training.

Training should be engaging, include real-world scenarios, and teach employees to check the legitimacy of hyperlinks and sender addresses. Explain how staff can use this knowledge to avoid phishing attacks in their personal lives.

2. Conduct regular phishing exercises.

Test user awareness on a regular basis to keep a pulse on the effectiveness of your training program. Keeping risks fresh in employees’ minds will contribute to resilience. Consistent testing will also help to identify users who may need more training.

3. Develop a system to report phishing attacks.

Make it easy for staff to report possible phishing attempts, such as with a “Report” button in the company email client. False reports will still show that employees are on guard. Managers and IT staff should adjust training content based on what users report. Best possible scenario: an employee reports an actual phishing scam.

It’s important to remember that employees will make mistakes while they get up to speed. Executives should consider if, and how, to implement consequences for clicks on malicious emails. That said, one staff member’s slip-up can affect the entire organization. Training and testing should reinforce the idea that everyone is responsible for security.

To learn more about effective security awareness training, read our white paper: Unscammable: The Guide to Fostering a Culture of Security Awareness.


HOW HARDENED IS YOUR NETWORK?

Our Hardened Network Assessment, the first online self-assessment of its kind, will measure your network security posture and generate a customized report in just a few minutes.

Take the test

Related Articles

img

What's New

Cyber Threats to Education

Schools are data-rich targets for malicious actors, with extensive stores of social security numbers, email addresses, health records, financial information of students and their families, and more. Cyber threats against the educatio

read
img

What's New, Whitepapers

Maintaining a Mature Security Program

Maintaining a mature security program helps to drive significant improvements in governance and compliance at any organization, from a small business to a large enterprise. The more mature a company's security program becomes, the better th

read
img

What's New

Cybersecurity Resolutions for 2023

These reasonable resolutions will launch your organization's cybersecurity in 2023. Businesses can prepare for cyberattacks by developing a proactive risk management strategy to kickstart 2023. Phishing emails and ransomware continue

read