If your company or organization has suffered or is suffering a cyber-attack, chances are high that it started when a user opened an email and clicked on a link he or she shouldn’t have.
Unfortunately, phishing has become a top way of transferring ransomware and other types of malware to PCs. But why is that so?
Why would anyone click on a link in an email that looks suspicious?
Well, it is because attackers have become smarter and they now craft messages that don’t look suspicious anymore. These messages look real and authentic. So much so that even a well-informed person can get tricked easily.
So, what is the solution?
The best thing is endpoint protection. But you also need to provide Security Awareness Training to your employees to prevent such future events.
How? We will discuss this, but before that, let us discuss why phishing emails are so effective.
Why Does Phishing Work So Effectively?
Have you ever received a message from Nigerian royalty who wants to give you millions of dollars for a silly reason? Well, this is just an example, and an obvious one, of phishing.
Criminals now do their homework before they plan an attack. They use information from company websites and users’ accounts on social media, and then come up with highly believable and customized attacks.
It is nothing!
Now, employees can even get phishing emails that look more like requests from their own company’s high-level executives. In such a case, it is hard to blame an untrained user for getting tricked.
Here, we cannot blame users alone. According to stats, the traditional security solutions a company usually relies on have a hard time holding up their end to protect the system. Let’s see what the stats have to tell us about this:
- More than 90% of successful phishing attacks get past the antivirus and email filtering system of the victim
- 83% of these attacks can bypass the firewall of the victim
- In 55% of cases, the attacks succeeded even though the victim had already conducted Security Awareness Training
Criminals using phishing are taking advantage of a big gap in security. It’s up to you how you fix it.
If we talk about technology, experts recommend investing in a solution that provides you with an additional layer of real-time security.
Now think of it like this: You protect your castle with a wall (firewall) and a moat (which is an antivirus in this case). But you will still position a guard on your side of the gate to keep an eye out in case anything goes wrong from inside. Wouldn’t you do that?
This is important. You need to train your employees for this.
Stats Showing Phishing Attacks in 2016 and 2017:
If we look at the phishing stats for 2016 and 2017, we find that:
- In 2016, 27% of organizations experienced malware infection, whereas in 2017 this rate increased to 49%
- 17% of accounts were compromised in 2016. This rate increased to 38% in 2017
- 7% of people lost their data in 2016. And in 2017, 13% of people had to bear the loss of their data
How to Train Employees to Avoid Opening Phishing Emails?
It is always better to nip the evil in the bud.
The best way to avoid any type of malware is to prevent it from triggering in the first place. And how do you do this? By explaining to your employees how they are vulnerable and what they can or should do about it.
Here are three tips for your users so they can better protect not only themselves but also your company.
- Show Them Examples:
Asking your employees to be more watchful isn’t going to work if they don’t know what to watch out for. So what should you do? Show them real phishing emails, tell them how they actually look, and point out the red flags.
This technique will not only help you explain to them what a phishing email might look like, but it will also help your employees recognize the tactics of criminals when they see them in action.
- Design a Process for Reporting Suspicious Emails:
Once you show them how to spot a phishing email, give them clear instructions on what to do next. Provide them with a simple procedure to report such messages (tell them not to click on any link or download any attachment), and reward them for doing so.
Rewards don’t have to break the bank. It could be anything, from a simple shout-out in the company to free lunch and gift cards.
- Test your Employees:
Studies show that a person can learn best with experience. To help your employees gain first-hand experience with these messages, you can use the services of a couple of vendors that help you run your own phishing campaigns. Please note that these campaigns do help in decreasing the click rate on such emails, but you need to be really mindful while handling them.
To prevent problems with phishing, use endpoint protection. Providing Security Awareness Training to your employees is another effective way to decrease the damage.
Schedule a meeting with Avancé IT Solutions today to find out how we can provide you with the tools for Endpoint Protection and Security Awareness Training.