Great news — taking steps to keep your organization safe from this intrusive type of cyber-attack may be easier than you realized. One-time training for employees to stay vigilant is only the first skirmish in the battle to secure your organization’s digital assets. Ongoing education and reinforcement of the message to be cautious, all presented in a way that employees won’t rebel against, is the first line of defense against spear phishing.
The FBI calls them business email compromise scams, but most cybersecurity professionals are more familiar with the term phishing, with spear phishing being the latest variant, one that targets specific individuals based on their organizational ties or position. U.S. businesses of all sizes and segments lost nearly $1.6 billion between 2013 and 2016, and spear phishing is costing individual businesses millions of dollars per year. Cyber criminals target real estate, title professionals and attorneys slightly more often, but no business is immune. Any organization in which large sums of money change hands, or in which employees have access to wire transfer information or personal information, is in danger.
While education around cyber threats has often been the realm of an organization’s IT department, today’s security heads are finding allies in the human resources department. By making cybersecurity training a key part of each new hire’s orientation, you’re starting the business down the path of caution. You’re also protecting the business from the most vulnerable part of the corporate population: new employees, who are more likely to click first and ask questions later. Once IT has defined the training to be received, HR can play a large part in ensuring that adequate training, testing and re-training are completed in a timely manner.
Even the most intensive training schedule can’t protect your business from today’s sophisticated cybercriminals. While past attacks were easily spotted by their poorly spelled entreaties to send thousands of dollars to Africa or the Philippines, cyber thieves have become much savvier. Today a phishing attack is much more likely to arrive as a coupon for a free pizza from a trusted brand, complete with corporate logo. A comprehensive testing strategy for employees at all levels is a more effective tool than any after-the-fact cleanup or recovery program, and it can help reduce the likelihood of an attack by up to 50 percent.
Creating a positive environment for learning within the organization is critical; never shame employees who may have made a simple mistake and clicked something they shouldn’t. Instead, gently remind them of the importance of knowing where emails come from, previewing links and other ways to stay safe online. Here are a few additional tips to promote positive engagement from your teams:
While the first time you run a test may seem a bit depressing due to the number of people willing to click on a fake link or download something sketchy, it’s ultimately safer to use these training exercises as a way to educate your teams on cybersecurity.
Again, stay away from shaming or sharing names of people who went for the bait. Instead, focus on positive outcomes and communicate that the test occurred (and the results) in a timely manner. Use this ongoing communication to educate your organization on what to do when they see something that seems like it could be a phishing attack. Use this opportunity to re-educate the Help Desk and technology teams to stay neutral and positive, and request that employees share anything they find that could be questionable — before or after they click a link or download a file. Early notification of something that’s “phishy” could allow you the few minutes needed to add a layer of protection or change passwords before they are used.
Want to learn more about how to protect your organization from costly cybersecurity attacks? Contact OnSolve today at 866-939-0911 to create a communications solution that will ensure you can quickly and easily get the word out to your teams in the event of a cyber-attack or other emergency situations.