January 7, 2019 / GuidesFor Team
Phishing is a form of cyber attack that uses disguised emails to lure vulnerable parties. Senders of these emails aim to make the recipient believe that the message is reliable, and the emails often appear as requests from their banks or a note from someone in the company, according to CSO Online. According to Business Wire, over a million phishing attacks were recorded in 2016. It was dubbed the worst year for phishing in history, with an average of 92,564 attacks per month. The same article quoted the Anti-Phishing Group as saying that the attacks rely primarily on fooling people rather than using sophisticated technical implementations. Gaining an understanding of the nature of this attack is important, but working ahead of attackers by identifying the most vulnerable part of your network matters most. In this sense, training employees to understand the nature of these attacks will be your best defense. Training employees to identify real and fake emails, and to alert security, can greatly help in averting these attacks. –Crischellyn Abayon
Phishing attacks are certainly nothing new, but their effectiveness makes them a continuous cybersecurity issue for organizations. According to a recent report from Carbon Black, the holiday season is an especially vulnerable time of year, with cyber-attacks on track to increase by 60% this year. The most common tactic is… you guessed it… phishing!
Fortunately, if your employees are aware of the tricks of the trade, they’re less likely to fall for a phishing scam — no matter how convincing it may be. Here are a few tips to arm them against fraudsters.
Spear phishing attacks are becoming increasingly sophisticated, which makes it more and more difficult for users to spot a fake email or website. However, there are still some telltale signs that an email or website may be fraudulent, including the following:
Visual clues give it away. Oftentimes, fraudsters make simple visual mistakes, which can telegraph that a site is fake. In the example below, the “Log In” buttons are different colors (not to mention the URLs are incorrect and lack the lock in the upper left-hand corner).
(Source: PC Magazine)
To keep your employees up to speed on the latest tactics hackers use, send a seasonal email reminder or host a training session that’s focused on exercising caution and vigilance during the holidays (when it’s especially easy to be caught off guard).
Phishing attempts are most often focused on credential theft, which is one of the three top causes of insider threat incidents. According to insider threat statistics from the Ponemon Institute, credential theft and imposter risks cost organizations an average of $2 million per year.
Help employees protect their user credentials by requiring the use of account security best practices, including the use of multi-factor authentication, and password management tools or password vaults. It can be difficult to roll out password vaulting software organization-wide, since people are creatures of habit.
Take the time to walk team members through the importance of password management, including how vaults and password managers can make life easier (when password requirements are getting increasingly stringent). Check out our tips on choosing the right password manager, and help employees make adherence to password policies a resolution for 2019!
Creating a positive culture of cybersecurity awareness and vigilance doesn’t happen overnight, but it starts with trust. Remind employees that they can come to the cybersecurity team when they have questions about the legitimacy of an email or website — especially before they click.
All too often, cybersecurity is called to action when it’s too late. Hosting office hours or just keeping an open-door policy for questions may break down some of the barriers to communication. Or, if your employees aren’t feeling particularly empowered to chat about their issues, host an anonymous “Ask Me Anything” session, where people can submit questions without their identities being revealed. Answer the questions during a lunch and learn, and remind employees that their questions will be answered at any time with zero judgement.
Speaking of questions, we want to know which employee coaching topics you’d like covered for 2019. Tell us what you think on Twitter @ObserveIT, and feel free to ask us how to navigate tricky coaching issues.