Phishing used to be an exotic threat to a business but, now, it's one of the most common and successful cyber threats around. Here's how your business can increase employee awareness.
Here, we look at the current state of phishing awareness and how your business can get started on educating your employees on how to avoid these damaging attacks.
Why is there a lack of phishing awareness?
When it comes to phishing, there are two kinds of employee awareness; Firstly, there’s knowing that phishing is a nasty type of email scam that doesn't involve throwing a rod into a pond. Secondly, there’s knowing what types of phishing scams there are, how to spot the more sophisticated kinds, and what the hell you should do when you feel as though you may have been targeted.
Unfortunately, many employees still fall into the most basic type of phishing awareness - if that.
In fact, it’s believed that up to 88% of employees lack the basic security awareness needed to prevent a successful cyber attack -- with phishing attacks being high up on the list of most effective techniques.
54.6% of emails that appear in an average email inbox are spam.
The gate is wide open for cyber criminals
Cyber criminals have now increased the efficiency of their attacks and taken a more sophisticated approach with what’s known as “spear phishing”. This type of phishing scam is proven to be much more effective than its old spray-and-pray counterpart.
In one of our recent spear phishing tests on behalf of a client, our spear phishing ‘attack’ led to a 25% compromise rate, compared to a 1% compromise rate for that of a templated email.
Of course, there are many factors that come into play when trying to understand why both templated and targeted attacks are so successful -- but perhaps the biggest all stems down to the poor state of security awareness training.
What your employees need to understand about phishing?
Phishing is an online scam that a hacker uses to gather personal information from their targets. To achieve this they will impersonate a legitimate source, such as a bank, the targets employer or a friend. Phishing is a type of social engineering that emotionally manipulates people into giving the hacker what they want.
2. The sender of the email may not be legitimate
Phishing emails will more often than not appear to be from a legitimate source, but the problem is your employees will not know for certain. They should never trust an email based solely on the source. Hacker's will go to extreme lengths to disguise the phishing email, just to increase the chances of success.
3. A sense of urgency
More often than not phishing emails have a sense of urgency about them, the emails often use enticing or threatening language to scare the targets into opening the email. Although most phishing emails try to trick people into giving away sensitive information or money, some phishers play on peoples emotions to get what they want.
4. Red flags
Some phishing emails are extremely obvious, even to people with very little of knowledge of phishing. Here are some of the most obvious red flags to look out for:
-Requesting data from the victims
-Bogus URL links
How to increase awareness around phishing (and make it stick)
When drawing up an idea of how to increase phishing awareness among your workforce, they’ll probably be a point where you want to slump down in your chair and release a huge sigh of frustration. After all, having employees engage, retain information and, most importantly, use that training to help prevent phishing attacks is no easy feat. So what can you do?
The first thing we suggest is -- don’t try this at home.
Raising phishing awareness is a skill of knowing how to educate and train individuals, while also knowing that what your baffling on about is both cyber relevant and jargon-free. This is a perfect example of where security awareness training gets lost between HR and IT.
We suggest outsourcing your training to a provider that specialises in both areas of employee education AND security awareness (...a security awareness training vendor suggesting that? Shocking!). This may sound biased, but our platform is designed to resolve all of these obstacles, so why not shout about it?
Get started with your training solution
If you’re looking to implement phishing awareness, then give our security awareness platform a try for free. Our cloud-based uLearn platform contains short and easy-to-retain information that covers many of the cyber threats your end-users face (including a range of phishing techniques).
Once deployed, you’ll be able to test the effectiveness of your programme with the uPhish simulation tool, with in-depth reports covering details of which employees were compromised.
If you've got any questions about increasing phishing awareness with the use of our service, please reach out to email@example.com