You’re hurried. You’re under deadline. Clicking, clicking, clicking away at your keyboard. You can hit the backspace after every typo, but if you accidentally click the wrong emailed link, there are no second chances. You’ve just fallen prey to a phishing attack.
Depending on who you ask, phishing costs about $500M (Consumer Reports) to $3B (Gartner Research) annually. The latest report from the Anti-Phishing Working Group shows the number of phishing campaigns is declining. That’s good, right? Wrong. Hackers are moving away from mass phishing attacks in favor of spear phishing attacks, which yield a much greater open rate because people are more likely to trust the sender.
Email management providers like Sendmail can help tackle the problem with anti-spam/anti-virus, authentication, URL filtering, and even big data analysis. But ultimately the success of a phishing attack will come down to the end user. Will he or she recognize the attack?
There are ways you can train your employees to be as security-minded as your security officers. Consider:
- Tapping outside consultants for monthly (for large enterprises) or quarterly (for small businesses) training sessions that update users on all the latest threats they can expect to encounter now and over time
- Making Security Threat Watch memos mandatory reading, so that users are kept informed of the latest scams
- Establishing clear disciplinary action for failure to identify, rebuff, and inform the organization of attacks as they’re discovered
- Gamifying behavior modification by sending inventive phishing attacks of your own: reward those who rebuff your attacks, and require additional training sessions for those who are duped by them
- Working with your HR department to incorporate computer security into the required skill sets of those being hired as well as to
Technology and innovation go a long way toward securing your network. But when it comes to your last line of defense, the best way to protect users is to show them how to protect themselves.