It is reported that around 269 billion emails are sent worldwide each day with 150(+/-) of those being delivered straight to each of your employee's Inboxes. According to Symantec’s 2017 Internet Security Threat Report, one in 131 emails contains malware. This means that on a daily basis every one of your employees is faced with emails that threaten the security of your organization’s data.
It’s no wonder organizations across every industry are beginning to realize that when it comes to data security, insider threats are as dangerous as outsider threats. It only takes one employee to fall for a phishing email for the cybercriminals to gain access to your computer network and sensitive data.
Cybercriminals employ a range of social engineering techniques to do it. Their goal is to trick end-users into clicking on a malicious link, opening an infected attachment, or giving up sensitive information such as login credentials. These fake emails can be hard to identify as they may look harmless enough. They may come in the form of an order confirmation, job application, a social media notification, tax return notice, security update…the list goes on. It’s now a daily struggle for your staff to combat.
How can organizations identify and avoid malicious email?
Invest in security awareness training for your entire organization. Coupled with regular simulated phishing emails, security awareness training will ingrain the habit of always suspecting and questioning any email, especially those that are requesting you to click or provide sensitive company information.
And no one in the organization should be left out. Upper management (we’re talking to you, vice presidents and c-levels!) must also participate. These positions generally have access to a wide variety of valuable information and hold the authority to make decisions autonomously. It’s up to them to take charge of establishing and creating a culture of security within their organization; to lead by example.
If you haven’t yet invested in a security awareness training tool, be sure to do so now. It's cost effective and goes a long way with helping organizations avoid an expensive lesson. As the saying goes, the best defense is always a good offense.
If your organization has fallen victim to a phishing scam, file a complaint with the IC3 at www.IC3.gov and contact the authorities.
Click on the button if you would like more information on how to get your staff to be active network defenders!