• October 6, 2019

Employee Awareness of Phishing & Social Engineering Attacks

phishing-and-social-engineering-attacks

Employee Awareness of Phishing & Social Engineering Attacks

Employee Awareness of Phishing & Social Engineering Attacks 1024 645 Managed Solution

As written by Rob Walker.

Employee behavior is considered one of the main reasons why phishing attacks can be effective. With proper education your staff can be made aware of how to spot phishing attacks and stop them in their tracks.

Red Flags

Alert your staff to look for these red flags when they receive e-mails that are requesting some form of payment, account password authentications, or account deletions:

  • Be aware of spam and adopt special cautions for emails that:
    • Request confirmation of personal or financial information with high urgency.
    • Request quick action by threatening the user with frightening information.
    • Are sent by unknown senders.

Tips & Ground Rules

Alert your staff to follow these rules when it comes to suspicious activity:

  • Never divulge personal or financial information via phone, email, or on unsecure websites.
  • Do not click on links, download files, or open email attachments from unknown senders.
  • Be sure to make online transactions only on websites that use the https protocol — look for a sign that indicates that the site is secure (e.g., a padlock on the address bar).
  • Beware of links to web forms that request personal information, even if the email appears to come from a legitimate source. Phishing websites are often exact replicas of legitimate websites.
  • Beware of pop-ups; never enter personal information in a pop-up screen or click on it.
  • Beware of emails that ask the user to contact a specific phone number to update user’s information as well.

In addition to these tips, it could be a good idea to put Microsoft Advanced Threat Protection (ATP) to use company-wide. It is a part of Office 365 that can protect your staff from malware attached emails as well as unsafe links embedded in emails.

Certified Security Awareness Training

It is also a good idea for you to obtain certified security awareness training. A reputable company that provides this service is KnowBe4 and they provide the following:

  • Old School Security Awareness Training Doesn’t Cut It Anymore: Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.
  • Baseline Testing: testing to assess the “phish-prone” percentage of your users through a free simulated phishing attack.
  • Train Your Users: The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.
  • Phish Your Users: Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
  • See The Results: Enterprise-strength reporting, showing stats and graphs for both training and phishing, ready for management.

Educating your staff is key. They are often the only line of defense when it comes to sophisticated phishing attacks. Contact us to learn more about getting your users fortified with the knowledge and support they need.

If you’d like to read more on phishing and cyber security, read our blog on How to Prevent, Detect, and Protect Yourself from Phishing Attacks.