The How & Why of Training Your Team – Phishing Attacks
Phishing attacks are not only increasing but also adapting and evolving to the security measures many implement. To summarise, phishing is achieved via fraudulent emails in an attempt to get confidential data impersonating someone you may know and trust. Many are aware of the term phishing but few truly understand the far-reaching impact of these attacks.
Did you know:
“Phishing accounts for 90% of data breaches.
The average financial cost of a data breach through phishing on a mid-sized company is £1.3 million
Phishing attempts have grown 65% in the last year
Phishing attacks have affected 76% of businesses in the UK”[1]
The above statistics highlight the severity of Phishing attacks and what they mean for businesses and underline an increased necessity for businesses to train their employees on how to deal with Phishing attacks.
Cyber criminals are now conducting heavy research on businesses, aiming to target any weaknesses identifiable. The emails they are producing are becoming more and more cunning, making it difficult for the inexperienced user to know whether the email is genuine or not. Whilst cyber criminals regularly update and improve their tactics, it becomes important for businesses to simultaneously train employees to provide the most updated defence tactics.
The team at Sweethaven are working closely with security awareness training specialists and are now able to provide various forms of training on multiple forms of cyber-attacks and malware, such as Phishing.
Unsure as to how to start training your team? Here’s what a basic outline could look like:
Conduct Baseline Testing: Conducting a baseline test is the first step in demonstrating the need for security awareness training to your senior leadership. This baseline test will assess the Phish-prone percentage of your users. It’s also the necessary data to measure future success.
Train Your Users: Use on-demand, interactive, and engaging computer-based training instead of old-style PowerPoint slides. Awareness modules and videos should educate users on how a phishing or social engineering attempt could happen to them.
Phish Your Users: At least once a month, test your staff to reinforce the training and continue the learning process. You are trying to train a mindset and create new habits. It takes a while to set that in motion. Simulated social engineering tests at least once a month are effective at changing behaviour.
Measure Results: Track how your workforce responds to both training and phishing. Your goal is to get as close to zero percent Phish-prone as possible.[2]
Sweethaven’s own journey towards IASME Gold & CyberEssentials accreditation now means that we are fully qualified to support clients in the following areas:
GDPR & Security audits with full reports to identify areas of weakness and required next steps.
IASME and CyberEssentials accreditation to prove measures taken to improve data and system security, both to the authorities and your customers
For a more detailed plan and targeted approach to training your team to combat phishing attacks, contact the Sweethaven security team at commercial@sweethaven.co.uk Sweethaven is working with KnowBe4 and can therefore provide more thorough training for your staff. T
o find out more, please contact the team today. Use the email address above or give us a call on 01737 247 090.
Statistics provided by Cyber Security experts, Comtact Ltd - https://www.comtact.co.uk/blog/phishing-statistics-2019-the-shocking-truth[2] Points taken from KnowBe4.
To find out more, visit their website: https://www.knowbe4.com/