The digital arena has provided us with numerous opportunities to advance our business, connect with potential customers, and broaden our horizons.
We’ve embraced it, but our foray into new technology has also brought inevitable threats, and cyber attacks are on the increase. Results from the Cyber Security Breaches Survey 2018, conducted by the Department for Digital, Culture, Media and Sport, indicate that over four in ten businesses (43%) and two in ten charities (19%) experienced a cyber security breach or attack during the preceding twelve months.
Let’s Go Phishing
Methods are becoming more sophisticated, and one particular cyber-crime that seems to be rearing its ugly head more often these days is the unsavoury art of phishing – both employee phishing and consumer phishing – whereby the target is contacted via email, text or telephone and coerced into providing sensitive information.
Phishing messages are designed to convince the target that they are dealing with a genuine individual, company or institution. The outcome can be disastrous – with the unwitting target giving away personal details, financial information and passwords.
What is Simulated Phishing?
With cyber-attacks more prevalent than ever, many companies have decided to employ preventative measures, using simulated phishing testing to educate staff and illustrate the very real dangers associated with cyber-crime.
Simulated phishing (sometimes referred to as a phishing test) involves an organisation sending “fake” phishing emails to its staff to see how they will respond. These emails are designed to emulate “real” employee phishing emails, which aim to strong-arm staff into revealing classified information and confidential data.
Knowledge is Power
Forewarned is forearmed, and organisations opting to use simulated phishing testing are opting to coach their staff on what a spoof email looks like. Different members of staff will have differing levels of technical ability and know-how; some may not be aware of employee phishing, or that cyber-criminals are operating in this way to get their mucky mitts on company information.
Simulated phishing testing enables staff to see clear examples of deceptive messages, helping them to spot potentially harmful emails in the future.
Company Wide Contamination
Real employee phishing campaigns can cause chaos within a company. There have been countless attempts to elicit information from unsuspecting staff members and consumers over recent times. Barracuda Networks reported the details of one infamous case involving a phishing campaign targeting frequent flyers. The email looked so convincing (with the subject line detailing flight confirmation info, the airline, destination, and price of flight) that over 90% of recipients opened it. Of course, not all spoof emails are as elaborate or credible-looking, but it only takes one employee to open a malicious email and click on an attachment.
Educating employees via simulated phishing testing can help guard against malware-laden messages slipping through the net.
Data Theft, Financial Loss and Malware
With phishing attacks on the increase, companies are looking ahead to the potential consequences. If employees unwittingly provide information and data, they are opening the door and effectively inviting the criminal fraternity inside. You may as well send out an invite: “Come and help yourself to our financial records, and our hard-earned profits!”
Remember, you are not only risking your own data, but that of your customer too. Sensitive information can be accessed if an employee is duped by a phishing email. That’s why it’s important that your staff become familiar with scams and spoofs – and that’s where simulated phishing testing comes in.
Phishing simulation testing provides a company with an overview of how staff are likely to respond to a malicious email. This precious data allows the senior team to see how many employees opened the email in question, how many chose to click on a link, how many opened an attachment, and how many had suspicions about the email and decided to report it as a potential phishing incident.
Feedback such as this provides a valuable snapshot of how confident staff are in dealing with potential cyber attacks, and helps the senior team to ascertain how they can best support staff going forward. It’s time to plug those gaps in knowledge that could result in an employee clicking on a suspicious link and putting the company in harm’s way.
Whilst the case for phishing simulation testing is certainly compelling, there are some who would argue against the practice, citing it as deliberately deceitful. Employees who “fail the test” by not identifying a simulated phishing email (opening it, clicking on attachments, etc.) may feel hoodwinked by the company on learning the truth. Unethical? On the surface perhaps – but let us not forget that phishing simulation testing is not designed to fool or upset employees; no one is going to be hounded out of their job or demoted! The phishing simulation test is there to help employees, and moreover to encourage the senior team to help and educate employees to gain an insight into and awareness of cyber-crime.
It’s important that wherever simulated phishing is used, it’s done so in a positive and transparent way – nothing hidden, no trying to trick the employees, but a collaborative and open process.
No Phishing Here
Are your employees aware of the potential dangers and devastating effects of cyber-crime? Do they understand the importance of identifying potentially harmful communication and flagging it to the senior team? Phishing is on the rise, and methods of “hooking” unsuspecting employees and consumers to extract information are becoming increasingly sophisticated.
Act now – after all, prevention is better than cure. Here at The Defence Works we can help you to safeguard your employees against cyber-attacks. Why not sign up for a free demo and learn how our security awareness training and simulated phishing can help your employees learn to identify potential threats and put a stop to them before it’s too late?