What Phishing is
Phishing is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”. The phishing email could even look like it comes from your boss or one of your colleagues. And they are very cleverly designed – they can look exactly like the real thing!
So to avoid falling for a phishing email, and inadvertently giving away your passwords or bank details, you need to be well-informed about what to look out for. And if you have colleagues or staff, they need to know too!
Staff training / awareness training
To protect your business, you need to make sure that all your staff are trained and aware of what to look out for. So how would you go about doing this?
Well here are a few ideas:
- Share a video (like the one above) for all your staff to watch and discuss
- Put up posters to raise awareness
- Send a fake phishing email to see if people spot it. This is really effective, because it brings home to people how it could really happen to them. And if they fall for it, they will probably learn from it, and hopefully won’t make the same mistake again.
- Sign up to a staff security training program that sends regular information emails and training videos, and even sends fake phishing emails. This keeps the issue fresh in people’s minds, so they don’t forget after a while (which is what happens after a one-off training session!).
What happened in Sheffield
datamills’ “Cyber Division” was enlisted by an engineering company in Sheffield to help make their cyber security more robust. As part of this process, we sent fake phishing emails to their staff.
The results were interesting…
- 73% (32 out of 44) of employees opened the email
- 45% (20 out of 44) followed the link given in the email
- 18% (8 out of 44) actually entered their password information and compromised the business as a result (well, they would have done if this had been a real phishing attempt).
Don’t forget that it only takes ONE staff member to compromise your business! So it is so important to make sure that EVERYONE is on alert and knows what to avoid.
An additional concern in this case was that only 2 of the 8 people who entered their details actually realised what they had done and were brave enough to report it to someone. This is another thing that needs training – if a compromise DOES take place, the sooner it is reported, the more that can be done to sort things out. Don’t have a culture where people are so scared of being shamed or punished that they won’t report a breach if they realise it’s happened.
Empower your workforce to recognise and avoid falling for phishing attempts
If you’d like to raise awareness of cyber security with your workforce, get in touch to see how datamills can help.