A company’s CFO gets an email from the CEO asking for funds to be transferred. The CFO requests the details and sends thousands of pounds to the given account. The next time the CFO meets the CEO, he casually asks, ‘Did you get the money?’ The CEO says, ‘What money?’
The CEO never sent the request and hence never received the money.
An employee got an email attachment that said ‘invoice’ or ‘purchase order’. The employee opened it without checking its authenticity. A few minutes later, all the files on his PC were encrypted, as well as the files on the server. The whole company went down for two days.
The FBI estimates losses totalling billions of dollars every year due to these exact issues. As an SME, how can you fight these threats? How do you identify the people who are most vulnerable to these attacks?
The NHS, Equifax, Maersk, TalkTalk and TNT Express… You know what they have in common. In most cases, these attacks happen due to the actions of an individual user. For instance, an employee of the company opens an attachment or clicks on a link that he/she is not supposed to. According to this article on Fortune, 16% of employees click on a link from an unknown source.
All those who work in IT know how it goes. We send out periodic emails asking our colleagues not to open attachments and links from unknown, potentially dangerous sources and many never read our emails. They go ahead and click. The click sound is nice!
It doesn’t matter what software you use, what firewalls you have in place, or how many policies and procedures you write; ultimately, user education is the key.
So, how can you educate them?
Announce a town hall meeting and start talking about Trojans, PUPs, Malware, zero-day, WannaCry, Petya, etc.? No, not really!
You need to think like an attacker. You will need to phish your users and measure how many people are clicking on the links or opening attachments. Assign them to a relevant training course. I would love to explain exactly how it works in this post but that defeats the purpose.
We are currently helping several companies with exactly this problem and we would love to tell/show you how it works [strictly for IT departments]. Our goal is to bring those who ‘click’ down from 16% to a fraction of it in the space of a few months.
Call us on 01224 51 61 81 or email email@example.com for a no-obligation chat about how we can help.
If you don’t see results, we will give you your money back. Thanks