Taking the Bait: Email Phishing in the Workplace
Email phishing is the fastest-growing online crime method. The good news is that you can protect your data and employees by implementing proven strategies.
74 percent of U.S. organizations experienced a successful phishing attack in 2020. That’s 30 percent higher than the global average and up 14 percent from 2019.
Phishing is a tried-and-true method by which hackers access business systems and data. Techniques continue to evolve, and consequences of successful attacks include:
- Data loss
- Credential/account compromise
- Ransomware infection
- Other malware infection
- Financial loss/wire transfer fraud
Add to these the time, money, and human resources spent on remediation, and phishing wreaks havoc on company profits and customer trust. To avoid attacks, organizations must foster security awareness by following these steps:
1. Champion awareness through training.
Training should be engaging, include real-world scenarios, and teach employees to check the legitimacy of hyperlinks and sender addresses. Explain how staff can use this knowledge to avoid phishing attacks in their personal lives.
2. Conduct regular phishing exercises.
Test user awareness on a regular basis to keep a pulse on the effectiveness of your training program. Keeping risks fresh in employees’ minds will contribute to resilience. Consistent testing will also help to identify users who may need more training.
3. Develop a system to report phishing attacks.
Make it easy for staff to report possible phishing attempts, such as with a “Report” button in the company email client. False reports will still show that employees are on guard. Managers and IT staff should adjust training content based on what users report. Best possible scenario: an employee reports an actual phishing scam.
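As an added example that is not part of the original article, the short Python script below applies the two checks step 1 asks employees to make, whether the sender address matches the name it claims and whether a link's visible text matches where it actually points, to a constructed sample message; the sample addresses, the trusted domain and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message): display name and first link text claim
# example.com, while the actual sender address and link targets point elsewhere.
SAMPLE_EMAIL = """\
From: "example.com IT Helpdesk" <alerts@example-support.net>
Content-Type: text/html; charset=utf-8

<p>Your password expires today.</p>
<a href="http://example.com.login-reset.example.net/auth">https://example.com/reset</a>
<a href="https://example.com/help">help centre</a>
<a href="http://example.com.verify.example.net/">Verify now</a>
"""
DOMAIN_LIKE = re.compile(r"(?:https?://)?[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?:/\S*)?")
# Anchor extraction kept simple for the example; a production filter should use an HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(value):
    """Lower-cased host of a URL or bare domain; '' if the text is not domain-like."""
    value = value.strip()
    if not DOMAIN_LIKE.fullmatch(value):
        return ""
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()

def find_warning_signs(raw_message, trusted_domain):
    """Return the red flags staff are taught to spot: sender and link mismatches."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    flags = []
    if trusted_domain in name.lower() and not addr.lower().endswith("@" + trusted_domain):
        flags.append(f"display name claims {trusted_domain} but sender is {addr}")
    body = msg.get_body(preferencelist=("html",)).get_content()
    for href, text in ANCHOR.findall(body):
        href_host, text_host = host_of(href), host_of(re.sub(r"<[^>]+>", "", text))
        if text_host and href_host != text_host:
            flags.append(f"link text shows {text_host} but points to {href_host}")
        elif href_host.startswith(trusted_domain + "."):  # lookalike-prefix host
            flags.append(f"link host {href_host} only begins with {trusted_domain}")
    return flags
```

Running `find_warning_signs(SAMPLE_EMAIL, "example.com")` reports the spoofed display name, the link whose text and target disagree, and the host that merely begins with the trusted domain, while a link whose text and target both resolve to the trusted domain is left alone.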
It’s important to remember that employees will make mistakes while they get up to speed. Executives should consider whether, and how, to implement consequences for clicks on malicious emails. That said, one staff member’s slip-up can affect the entire organization. Training and testing should reinforce the idea that everyone is responsible for security.
To learn more about effective security awareness training, read our white paper: Unscammable: The Guide to Fostering a Culture of Security Awareness.