Cybersecurity should be the top priority throughout an entire organization. Every department, regardless of its own priorities, is responsible for safeguarding against potential threats. The majority of cyberattacks result from simple tactics in the form of phishing attacks. Phishing attacks are simple and often overlooked, and they become the epicenter of every organization’s problems.
Where do employees go wrong when avoiding phishing and social engineering?
Employees check their emails on the go while switching between various devices, so no one thinks twice about opening a suspicious attachment from someone they think they know. But why do so many companies fall short of keeping their IT infrastructure a major priority? It starts with companies accepting a ‘divide and conquer’ mentality, which is no longer relevant in today’s IT landscape. The expectation is that openness, honesty, and awareness become a recurring discussion within businesses.
Training must build awareness of the measures that stop hackers, because phishing is not overly sophisticated but is perplexing enough to be effective.
What are the costs involved?
Nearly 40 percent of IT professionals don’t even think their executive teams understand the full risk of a cyber-attack. A lack of sensitivity towards cybersecurity undermines trust among employees, and it is also a missed opportunity to create trust in a company’s consumer base. Moreover, failing to introduce cyber awareness can lead to financial risk. According to the Ponemon Institute, phishing campaigns can cost the average U.S. company $3.77 million a year.
Are you scared yet? Another example is the sophisticated hacking group, with ties to cybercrime gangs operating in Europe, that actively targeted and breached the prominent brand Chipotle as well as other U.S.-based hospitality companies and restaurants. They compromised point-of-sale systems at many locations and gained access to the credit card data of millions of customers.
If this isn’t bad enough, Google and Facebook were each out $100 million when an attacker used phishing emails to trick employees into wiring money overseas, using forged email addresses, invoices, and corporate stamps to impersonate a large Asian-based manufacturer with whom both tech firms regularly did business. In another case, a spear phishing scam sent phony information requests to employees for ‘tax purposes’ and compromised more than 120,000 people at more than 100 organizations. These are only a few of the attacks that have occurred and are still occurring.
Having a policy is the best policy
It is now recognized that an organization’s employees play a key role in an effective cyber security strategy. Basic attacks are avoidable if existing policies and procedures are followed. Developing an effective security culture is key: it raises awareness and understanding of cyber risk, so embedding security-aware values and behaviors across the organization through proactive training pays off.
Phishing testing is a valuable way to stimulate personal security awareness. Testing employees’ susceptibility to cyberattacks establishes a recognizable measurement through a realistic approach, in order to see who takes the bait. Education and training should then go to those who fail the tests as well as to the entire organization. The tests should reflect the sophistication of modern-day attacks and should take place throughout the year to keep employees on their toes; this lets enterprises spot trends and track progress over time. Every organization should hold regular cybersecurity audits to ensure procedures are up to scratch.
Jolera’s tips for increasing your organization’s security IQ
Ovett McLarty, Jolera’s Senior Cyber Security Specialist, provided feedback and believes that “humans are the weakest chain in any security infrastructure, therefore much of a security budget is often spent on people. It is cheaper to train staff to act securely than to remediate a security incident.”
Turn to Ovett’s advice on maintaining a secure enterprise with cyber aware employees and protection.
Simple steps to help avoid phishing and social engineering:
- Pay attention to the email address the message arrives from: make sure it is correct, that you recognize it, and that it is not from a suspicious domain (security awareness training)
- Call the sender to confirm the email
- Check the context of the email
- Keep personal and work emails separate
- Limit the information available on social media and be cautious when disclosing your role at work – this can make you a target for phishing
- Be cautious about the websites you sign up for or register with; create a dummy account for subscriptions and junk mail
- Look for consistent spelling and grammatical errors; these are often a good indicator of phishing attempts
- Use a different password for every email address and website that requires a login
- Never share your password with anyone. For contingencies add sensitive passwords to things such as bank accounts
- Be cautious when connecting to free and open Wi-Fi hotspots; do not check email, bank accounts, or any sensitive information – use a data plan for security
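The first tip in the list above, checking that the sending address is one you recognize and not a look-alike domain, is the kind of check a mail gateway or a help-desk triage script can automate. The following is an added example and is not code from Jolera or from the original post; the allowlist of known domains, the confusable-character table and the sample messages are all constructed assumptions for illustration.

```python
"""Sender-domain triage for an incoming message (added example).

Flags three of the patterns the tip describes: a sender domain that is
not on the allowlist, a look-alike of an allowed domain (digit swaps,
"rn" for "m", transposed letters), and a display name that carries an
address at a different domain than the real sender.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: domains this hypothetical organisation expects mail from.
KNOWN_DOMAINS = {"example.com", "partner-supplier.com"}

# Substitutions commonly used to build look-alike domains, mapped to the
# characters they imitate ("examp1e" -> "example", "exarnple" -> "example").
DIGIT_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
PAIR_CONFUSABLES = (("rn", "m"), ("vv", "w"))


def normalize(domain: str) -> str:
    """Lower-case a domain and fold the confusable substitutions above."""
    out = domain.lower().translate(DIGIT_CONFUSABLES)
    for pair, single in PAIR_CONFUSABLES:
        out = out.replace(pair, single)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message: str) -> dict:
    """Return a verdict of "known", "unknown" or "suspicious" with reasons."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    result = {"address": address, "domain": domain, "verdict": "unknown", "reasons": []}

    if "@" not in address or not domain:
        result["verdict"] = "suspicious"
        result["reasons"].append("no parseable sender address")
        return result

    if domain in KNOWN_DOMAINS:
        result["verdict"] = "known"
    else:
        folded = normalize(domain)
        for known in KNOWN_DOMAINS:
            # An exact match after folding, or a domain within two edits of an
            # allowed one, is treated as a look-alike. The threshold is a triage
            # heuristic; tune it against your own allowlist to limit false hits.
            if edit_distance(folded, normalize(known)) <= 2:
                result["verdict"] = "suspicious"
                result["reasons"].append(f"look-alike of {known}")
                break

    # A display name that itself contains an address at another domain is the
    # classic "ceo@company.com <attacker@freemail>" impersonation pattern.
    if "@" in display_name:
        claimed = display_name.rpartition("@")[2].lower().strip()
        if claimed != domain:
            result["verdict"] = "suspicious"
            result["reasons"].append(f"display name claims {claimed}, address is {domain}")
    return result


# Constructed sample messages, one per pattern the check should catch.
SAMPLE_MESSAGES = {
    "legit": "From: Alice <alice@example.com>\nSubject: Q3 figures\n\nAttached.\n",
    "digit_swap": "From: Accounts Payable <ap@examp1e.com>\nSubject: New bank details\n\nPlease update.\n",
    "rn_swap": "From: IT Support <helpdesk@exarnple.com>\nSubject: Password expiry\n\nReset here.\n",
    "transposed": "From: HR <hr@exampel.com>\nSubject: Tax forms\n\nSend W-2s.\n",
    "name_spoof": 'From: "ceo@example.com" <ceo@freemail-provider.test>\nSubject: Urgent\n\nWire today.\n',
    "unrelated": "From: Bob <bob@some-other-vendor.test>\nSubject: Quote\n\nSee attached.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLE_MESSAGES.items():
        verdict = classify_sender(raw)
        print(f"{label:11} {verdict['verdict']:10} {verdict['address']:35} {'; '.join(verdict['reasons'])}")
```

Running the block prints one verdict per sample: the legitimate message is "known", the unrelated vendor is merely "unknown", and the digit swap, "rn" swap, transposition and display-name spoof are all "suspicious" with the reason attached. A check like this is a filter for human attention, not a replacement for it; an "unknown" verdict still deserves the second tip in the list, calling the sender to confirm.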
Learn how to protect your company from cybercrime using our cybersecurity awareness training program to ensure end-to-end effective security. We’ll teach you the tactics cybercriminals use to manipulate your organization and how to better protect against them.