Cybercriminals target computer users at home and at work, sending fake emails to solicit personal information. They might fake an email from a bank, trying to get account details. Or they might hack a friend’s email account, then send emails to make targeted victims think their friend is in trouble and needs financial help. These are just a couple of examples of phishing. Without proper training, it’s all too easy to become a victim.
Phishing accounts for 90% of data breaches, according to Retruster. And phishing is growing. Cybervillains create about 1.5 million new phishing sites each month. Unfortunately, they’re working—76% of businesses admitted they were victims of phishing in the last year, and a surprising 30% of phishing email messages are opened by targeted users.
As cybercriminals become more professional, their phishing attempts become cleverer, so even a sophisticated computer user might fall for them. Your employees might receive an email that looks like it’s from a legitimate business telling them they must urgently reply to the email or visit a website to update or verify information. Many of these phishing attacks look so convincing that your employees bite. But once an employee clicks the link or goes to the spoofed website (which may look nearly identical to the site of a bank, credit card company, or other trustworthy institution), they’re prompted to enter PINs, Social Security numbers, or other information that the hackers immediately steal.
That’s why your employees must be able to spot phishing attempts and help prevent data breaches. Mandatory cybersecurity awareness training helps raise your employees’ information security IQ and protects your business and clients from security breaches.
What Makes Alterity’s Phishing Training So Effective?
We are passionate about changing the way people think and perform. Our solutions are designed around the latest in adult learning methodologies and offer a collection of engaging and effective education, communication, and assessment tools to address different learning styles.
We deliver training through a lively mix of videos, handouts, and podcasts, enabling employees to focus on the learning style that’s best for them. Employees learn important information about the different types of phishing, including spear phishing (which targets specific individuals or small groups) and whaling (where a company’s senior members are the targets). Through training, your employees learn to recognize phishing and email compromise attempts, and other ways cybercriminals try to steal their information. When training is combined with simulated phishing tests, you will see increased awareness and reduced risk of a security breach.
How Does the Program Work?
Step 1 – Educating Employees
The first step in phishing awareness training is educating your employees about the dangers of phishing and how they can recognize phishing attempts. Teach them about spear phishing and malware, and how to avoid hackers’ strategies designed to make them open dangerous attachments.
How To: Provide tips for spotting suspicious emails and make sure everyone understands your company’s policy for reporting phishing attempts. Introduce new topics each month to create a culture of security awareness all year long.
Step 2 – Simulated Testing
After the initial training, it’s exam time. Send simulated phishing tests to every single person in your company. It’s important to keep this “attack” top secret so you get accurate information about how all employees respond. You’ll track how many people open the suspicious email, how many click the link, how many ultimately get phished, and how many report the phishing attempt to your IT department.
How To: Don’t expect all your employees to pass this test. Meet with those who opened the email, clicked the link, and/or got phished and explain how their actions could have compromised both the company’s security and their own sensitive information. Be gentle with those who got phished; it’s all part of the learning.
Step 3 – Repeated Testing
This is the repeat step. Continue phishing awareness training. Work with different departments, reinforcing the security awareness training and updating them on all the newest types of phishing attempts. At the end of the training period, do a second company-wide simulation. You’ll know your awareness training was successful if fewer employees fall for the phishing attack and more report it to the IT department.
How Can Alterity Help?
Alterity specializes in working with state and local governments, utilities, real estate and title agencies, healthcare companies, Fortune 500 companies, and insurance agencies of all sizes. We understand that not every company has the resources needed to manage a security program. We make it easy.
Employees access learning programs through an intuitive, web-based learning portal. Posters and communications are available to help you launch your program and promote adoption. And we help you manage it all—importing users, assigning courses and learning paths, and creating scheduled reports to track company-wide compliance and reporting.
Contact us today to learn how we can help.