The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Cyber Security Training: How to Phish-proof Your Employees

Drastically Reduce Vulnerabilities in Only 90 Days

Continuing our discussion of cyber security training for employees of regulated organizations, this post examines the growing threats from phishing schemes and suggests training that will reduce the possibility that your staff will inadvertently unleash a disastrous attack on your systems, data and client assets.

Let’s start with a definition. Phishing is criminal cyber activity that takes many forms – emails, SMS messages, file downloads, etc. – and aims to fool people into providing passwords, credit card and personal information by mimicking a trusted source – like a bank, a retailer, a social network or a credit card company.

Some phishing schemes just want to scam as many individuals as possible. Others, like what is known as Spear Phishing, are more targeted and may go after one organization in an attempt to steal massive amounts of customer or client information. For example, in 2013 Target suffered a data breach in which 110 million credit card records were stolen from customers, via a phished subcontractor account. Target’s CEO and IT security staff members were subsequently fired.

Threats are growing and becoming more diverse, so it’s hard to keep up with what you should watch out for. There’s now Vishing (voice mail phishing), Smishing (SMS phishing), email phishing (which we’re most familiar with), mobile phishing (yikes!), ransomware, content injection (bogus info requests injected into a reliable website page) and other schemes that will raise the hair on your neck.

Current vigilance and awareness training is a must to make your employees phishing savvy. Here at STG we partner with KnowBe4 for Phishing Awareness Training. KnowBe4 was co-founded by Kevin Mitnick, once the notorious “Most Wanted Hacker in the World.” 

He left the dark side to become the most famous cyber security trainer and author in the world. You can believe that Kevin knows a thing or two about what goes on in the mind of the hacker and has developed highly effective training tools to counter the criminal mentality.

A recent KnowBe4 study revealed that in financial services companies with one to 249 employees, 27.41 percent of employees are phish-prone. In healthcare and pharmaceuticals companies of that size the percentage is 29.80 percent.

The study showed that phishing awareness training significantly reduces this risk. Drawn from a data set of more than six million users across nearly 11,000 organizations, it benchmarks real-world phishing results. Results show a radical drop in careless clicking to just 13 percent 90 days after initial training and simulated phishing, and a steeper drop to two percent after 12 months of combined phishing and computer-based training (CBT).

We emphatically recommend instituting basic phishing awareness training and continuing it over time to keep employees up to speed on new threats and to reduce the possibility of a click that could put you out of business – or out of a job.

About Cyber Security Training for Employees

Cyber security training for employees will ensure that everyone understands the potential issues and protects against them. It raises awareness of how to stay on the right side of compliance regulations and how to protect sensitive information on the road and at home, as well as in the office.

Cyber security training is an ongoing process as technology continues to evolve. Enlist a cyber security specialist team, whose business it is to assess and identify weaknesses in your environment and teach staff and management how to avoid problems before they arise. If you’d like to speak with the Soundshore Technology Group’s cyber security experts, send an email to sales@soundshore.net. We’ll be happy to help.

Have you had any employee issues with phishing? Please share them in the comments.

Take a look at our full array of cyber security services.
