Due to an increase in phishing attempts, you may have recently been contacted by your credit card company, bank, or credit union warning you not to click on links in emails that appear to be from them. Phishing (fake email) messages can be made to look very real. Unfortunately, following the instructions in these messages can have serious consequences. On the plus side, there are steps to take to identify impostors and protect yourself and your organization.
Our team takes part in ongoing security awareness training by way of live presentations and online learning and testing. Each of us is prepared NOT to cause a security breach. One component of our training is phishing tests that are sent to staff. The first time this test was sent internally, some people did click on links. It just goes to show – if even IT professionals can be duped, it’s likely you can be! Don’t feel too bad, the bad guys have gotten good at making these spam emails quite believable!
Training Produces Results
The following results are from a test less than a year after the first (when there were “clickers”). That’s right – zero clicks! The “Opened” column refers to people who had their Outlook set up to automatically download all images. We were able to adjust our systems to prevent that practice because these tools clued us in that there may be a problem.
We Can Help You
Everyone at Safety Net now knows how to recognize phishing, even though we upped the sophistication level on the test messages. Recent versions look just like a message from Microsoft, for instance. Our tools can also be set up to do “vishing” tests (voice phishing, or mock phone calls trying to get information). We highly recommend a similar approach for any organization that wants to make cybersecurity a priority. We can provide security awareness training and help set up ongoing web-based training and testing. Our fCIOs work with clients to determine how often messages should go out and to whom they should be sent. An online portal provides tracking of mandatory training sessions and test results by user.
“[It] is a terrific tool with enhanced training programs utilized to keep my staff knowledgeable and up-to-date on current cyber threats. Its system allows for simple setup and scheduling of training and testing, and aids in ensuring threats are front of mind. It’s helped my staff be more conscientious of their role in keeping the Bank cyber-secure.”
– Holly Buda, VP of Compliance and Security at Honor Bank
As phishing becomes more complex and hackers fine-tune their skills, it is important to stay vigilant when reading emails. It’s quick and easy to click a link. The potential damages caused by clicking that link are anything but quick and easy to fix. Bottom line, training really works, and ongoing testing is a best practice. Both are especially important for organizations who need to be compliant with HIPAA, SSAE 16, NIST, or similar regulatory requirements.