Should Business Owners Phish Their Employees?
We’re living in a time where cybercrime and ransomware attacks are announced like the next big box office hit. They’re making an impact worldwide, and it’s causing many businesses to suffer downtime, loss of business, and increased costs to recover from attacks.
One of the most common types of scams affecting businesses is referred to as phishing. Phishing attacks are generally emails that entice users to perform an action, like clicking a link to an infected webpage, opening a malicious attachment, or even wiring money.
These aren’t the “Nigerian Prince” or “long lost relative” scams we saw ten years ago. Today’s scams are incredibly hard to spot. Hackers are clever, creating fake emails that look like real ones you’d be expecting. So real, that sometimes they even slip past your IT security measures.
Smart People Fall For Phishing Scams Too
If a phishing email makes it to an employee’s inbox, they need to recognize that it’s a scam before they interact with it.
You’ve told your employees a hundred times what they should be looking for – check the sender’s email address, hover your mouse over the links to see where they’re taking you, don’t open attachments that come from people you don’t know, etc. And yet, they’re still falling for them.
So, maybe the best way to train isn’t by telling, but by showing.
How Security Awareness Training Lets Employees Put Their Training Into Action
Security awareness training services are becoming more popular. The most common offering is a phishing simulator. Basically, it sends fake phishing emails to your employees.
If someone clicks on the email to “track their order” or opens the attached “invoice,” it doesn’t infect your system, but rather it uses it as a training opportunity. It guides the user through the red flags in the email, showing them the clues they should look for next time.
Let employees know that this type of training will be going on and that you’ll be monitoring the results. You could even offer an incentive for employees that avoid the most scams.
Ongoing cyber security awareness training is available through companies like PhishMe, IronScales, KnowBe4, and many others. The pricing varies, but consider the amount of money that could be saved if this training prevents even one attack.
Phishing scams can be extremely costly for businesses – whether it’s in dollars paid to scammers, or in lost business and recovery costs. The Ponemon Institute estimates, “the average price for a small business to clean up after their business has been hacked is $690,000. For middle market companies, it’s over $1 million.”
Phishing Scam Relief With Cyber Insurance
Since cyber attacks can be so devastating, cyber insurance policies are now available for businesses. Discuss the specifics with your insurance broker, but investing in security training courses for employees could save you some money.
According to Monica Keehfuss, Vice President at HUB International Riverside:
“Providing a proactive approach with loss control prior to investing in insurance protection could be most beneficial. Showing you have implemented strategic measures to mitigate cyber claims provides a positive outlook and a level of comfort for insurance underwriters…hence reduces cost.”
The process for managing security at your organization is as important as the technology itself. Somebody must be watching the whole network to see what’s going on, and proactively prevent threats from reaching the data.
Don’t let your high-tech IT security measures be unraveled by simple human error. Train employees with tools that help them learn and recognize the signs of phishing scams.
As featured in July 2nd issue of The Press-Enterprise.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.