According to the FBI’s Internet Crime Report, phishing was the most commonly reported cybercrime in 2020. In conjunction with Cybersecurity Awareness Month, this week’s area of focus is “Fight the Phish.”
There are many ways to Fight the Phish, but the first step is to learn how to recognize phishing emails. A proven way to teach your employees how to spot phishing attempts is through Security Awareness Training.
Security Awareness Training
Utilizing proven programs designed to teach and gauge employees’ knowledge of cybersecurity threats, Security Awareness Training reduces the number of successful phishing attempts by cybercriminals.
Security Awareness Training programs use tools to create fake phishing emails to send to employees. For example, you could craft an email that appears to come from your HR department about a new company policy, then see who clicks on the link or opens the attachment. Based on the results, you can determine which employees need additional training or tighter security controls on their devices.
In addition to creating a Security Awareness Training program, here are some tips to Fight the Phish, not only during Cybersecurity Awareness Month, but as part of your everyday online routine.
Think Before You Click
Blindly clicking on email links, even if the email seems to be legitimate, will often leave users in a vulnerable place. Scammers often spoof company emails — or even text messages — that look like they are coming from UPS or Amazon. If you are unsure, hover over the link before you click on it to see if the URL matches up with what would or should be coming from the sender.
Be Aware, Don’t Overshare
Cybercriminals will often scope out social media pages to obtain personal details on you or one of your connections. These details are then used in phishing emails to make them more believable. It is important to be careful about the sensitive details you share over social media.
Guard Against Social Engineering
Social phishing is becoming more common. Watch out for fake friend requests or friend requests from strangers as they could be a trap to try to gain your trust and personal details. If you receive a request for money or personal details from someone you know, ask them in person or over the phone if the request is legitimate.
Any cybersecurity training is valuable, but it will be significantly more effective if the information is continuously reinforced. Annual training and consistent micro-trainings throughout the year are critical in reinforcing protocols. Programs like KnowBe4 can achieve this and can be easily implemented with the help of an IT professional, like Imagineering.