Go Phish

28 Jun

Phishing and spear phishing continue to be lucrative enterprises for hackers. An effective strategy to prevent these attacks is a layered security approach with technical layers like hardened firewall configurations, anti-virus software, and email and web content filtering solutions. Fortunately, legitimate technology developers and support organizations are continuing to develop great technology tools to help thwart many attempted attacks. However, since an estimated 60-70% of all successful virus attacks are caused by unwitting users bypassing the technical safeguards, the most important layer of your network security is actually non-technical.
To enable a winning protection strategy, user training and regular phishing security tests of your users are critical. A phishing security test is conducted at random by sending a variety of legitimate-looking emails to every user in your organization to see whether they can be tricked by a phishing or spear phishing attack into clicking a link or providing sensitive personal information. We not only send these out to every email address within the organizations we support, but we also send them to our own employees.
I have to say, at first, I felt a little strange about testing our employees like that – it seemed as though we didn’t trust them, that we were trying to trick them. So, after we shared the result of our first phishing attempt with our team, I polled several employees privately and asked them how they felt about being tested like that. Their feedback surprised me. Every person I talked to thought it was a good idea. They completely understood why we do it and they fully supported the program.
If you haven’t yet trained and tested your staff, you should ask your managed service provider if your program includes scheduled training and testing. Regular training followed by controlled phishing tests should be a consistent practice to ensure the safety of your organization’s network.

Authored by Donald Nokes