What is Email phishing & why you need security awareness training in your business
WATCH VIDEO HERE
I am sure you must have heard about the Nigerian prince that like to transfer his millions out of the country or the big lottery win across the oceans. These emails are phishing emails.
As John Chambers, CEO of Cisco said, “there are only two types of organizations in the 21st century. Those that were hacked and those that didn’t realize it yet.” You may have many traditional security tools and software but the most important thing you need in your business is to build a human firewall.
We speak to a lot of businesses regarding this as we are an Email Phishing & Security Awareness Training provider. Our first question is, what do you do for Security Awareness Training? Here are the responses we get
- We send regular emails reminding our users
- We use our intranet to publish articles about this and provide classroom style training or have regular town hall meetings
- We use an e-learning platform and make our own videos to educate
- We have a platform that does it for us
If you are a number 4, you can give yourself a pat on the back, relax, get yourself a cup of coffee and feel smug that you are already doing the best thing to help protect your business. Good job!
If you answered 1-3 (or even if you don’t do any of these) don’t worry, we have your back.
So, what is Security Awareness Training? According to the website Smarttech.ie,
“Security awareness training is all about teaching your colleagues and employees to understand the risks and threats around the ever-evolving cyber world. ... Security awareness training also ensures that employees are fully awake to the consequences of failing to protect the organization from outside attackers”.
A good Security Awareness Program will protect your organization against the most cyber threats. You might think, ‘How can Security Awareness Training help us? We already have the best antivirus software and security tools for protecting our network’. You may have the best tools and software in the world protecting your network but at the end of the day, your weakest link are your users. After all, more than 90% of the successful cyber attacks start from an email. You will need to train your users, period.
Let’s analyze the common ways companies try to train their users.
1. Sending email reminders
When I was an IT Manager I belonged to the category 1. I used to send out regular emails reminding users not to open attachments from unknown sources. Reminding them “don’t click on the links in an email if you are not expecting it”. A day later I sent the email someone comes to me and asks the exact thing I already emailed them about. You get the point. Nearly half of the users don’t read emails from IT dept. How do you actually measure the results? How do you know if the user has read your email? Can you run some reports?
You may think this doesn’t apply to you and think “Our users are clued up.” But, how do you know? Can you prove it? Don’t keep your head in the sand. When we start the awareness program in a new company, it’s amazing to see that on an average we get 28% of the users clicking on the links they shouldn’t be clicking. 28% is a lot when all you need is just one click on one wrong email link.
2. Classroom style training
This is really good if done right but it takes up lots of resources in terms of time and cost. Measuring the effectiveness still a bit tough unless you are using some sort of simulated phishing email campaigns. Not to mention the time users are away from their desk and how often you need to do these training's to make them effective. Why would you do that in 21st century?
3. In house E-learning platforms
Great! You are the most efficient of the bunch… almost! If you have the mechanism to train employees through the e-learning platform, somehow measure the results and produce reports. This is brilliant. How much time and money are you spending on this? Are you able to produce the reports you wanted? Are they granular? If you feel there is a room for improvement then there is an easier, cheaper and more efficient way.
4. Outsourced Email Security Awareness Training Platform
Now the final category. The platforms that are built for this exact purpose. The security awareness training platforms that can sync your users, have in-built phishing templates, training content, tools to empower end users, granular reporting and make it really easy for you to use and monitor. These platforms are relatively inexpensive and cheaper than building your own. There are SAAS, on-premise and there are cloud-hosted. Depending on what fits your business you should definitely explore these.
Are you interested in finding the right email security training platform for your business? Depending on the type of business you have, you may have different needs. Here are a few platforms that we recommend looking into.
Here is a link to Gartner Peer Insights on Computer-Based Security Awareness Training to compare these options and help you find the one that’s right for you. At The TechForce our experience and expertise in security means that we only source the best solutions to make it easy to protect your business. We are a KnowBe4 partner and happy to give you more details on this. Click here for more info, or click here to chat with one of our experts.
- How to apply for the Cyber Essentials Voucher Scheme
- 5 things to consider when selecting a Security Awareness Training (SAT) platform
- 2 Years, Marmite and £600,000
- What is Business Email Compromise (BEC) and how to stop it
- Everything you need to know about Cyber Essentials
- How to pick the best Antivirus software for your business
- 6 Quick and Easy Email Security Tips for Dummies
- How to carry out a baseline email phishing test
- How to share passwords safely in your Small Business
- 10 Steps to Cyber Security
- 5 Reasons why you should consider having two monitors
- 6 Top Tips to Prevent Cyber Attacks
- How to choose the right IT Service Provider for your business
- How to choose the best Antivirus software for your business
How to apply for the Cyber Essentials Voucher Scheme
The Scottish Government is very aware of the threat Cyber Attacks have and is encouraging businesses to go through Cyber Essentials certification and is offering up to a £1,000 voucher per business. This is how to claim it.More
5 things to consider when selecting a Security Awareness Training (SAT) platform
No matter what technology you have in place your weakest link is your employees and their lack of awareness. To build a great human firewall you will need a decent Security Awareness Training programme.More
2 Years, Marmite and £600,000
Either people love my approach or hate it. There's no in-between and I am fine with that. Over the last two years, I came Face to Face with a few haters but for every hater, I met 10s of people that supported me.More
What is Business Email Compromise (BEC) and how to stop it
Business Email Compromise (BEC), the biggest Cybersecurity threat for SMEs. As the FBI reported it costs businesses $12bn between December 2016 and May 2018. Here are a few simple steps you can take to avoid BEC in most cases.More
FOR LATEST UPDATES SUBSCRIBE HERE: