Phishing & Your Employees


Do you know that 91% of all cyberattacks begin with a phishing email (an email that looks like it’s from someone you know or do business with but is actually from criminals)? This figure is based on research by Deloitte.

Phishing and Your Employees

The objective of a phishing email is to gain your employee’s trust with an email that looks legitimate. It may appear to have been sent by another employee, a manager, an executive, the owner, a customer, or a vendor.

The typical purpose of a phishing email is to make the recipient believe they are receiving a legitimate email and then ask them to take an action that benefits the malicious sender.

The action being requested is usually aimed at obtaining account numbers or billing information, or an actual payment of some sort. I have seen malicious actors gain the confidence of legitimate employees and convince those employees to make financial payments directly to them.

Simple Solution to Thwart Phishing Attempts – For Free, Yes, For Free.

1. Create an external warning banner that appears on every email your employees receive from outside your company, warning them that the message did not originate internally.

   a. Design the banner so that it is not easily ignored.

   b. Teach your employees why the banner was implemented and why they need to take it seriously.

2. Educate each employee about phishing emails and how to spot one.

   a. Usually the email address and the surname in the From: header look wrong: misspelled names, a surname that doesn’t match the mailbox name, poor grammar in the body, and no formal email signature or correct contact phone number.

3. Designate someone in your company to whom employees can forward a suspicious email, so that person can help validate whether it is legitimate.

   a. The person who validates the email should have access to tools that show where the email originated, to help with validation.

4. Make sure your Finance department is well versed in being methodical when dealing with email inquiries about payments, account balances, and questions in general.

   a. After all, this is the department where the money sits.

   b. Teach them to pick up the phone to verify email inquiries using contact information stored in your financial systems, not the contact information in the email.

5. Enact a process that rewards employees for recognizing and not responding to malicious emails.

   a. A simple email to the whole company thanking employee X for recognizing and not responding to a malicious email is a great way to build awareness and participation.
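The three technical pieces of the program above (an external banner, the From:/Reply-To: oddities staff are taught to look for, and a way for the designated validator to see where a message entered the mail system) can be shown in one small script. The example below is added here and is not code from the article; the internal domain `example.com`, the banner wording, and the two sample messages are constructed assumptions, and the name and look-alike checks are deliberately crude heuristics of the kind a human reviewer applies by eye.

```python
"""Added example (not the article's own code): tag external mail with a
warning banner, run simple From:/Reply-To: header checks, and report the
earliest Received: hop.  Internal domain, banner text and sample messages
are constructed assumptions."""
import email
import re
from email.message import Message
from email.utils import parseaddr

# Assumption: the company's own mail domain(s).
INTERNAL_DOMAINS = {"example.com"}
BANNER = ("[EXTERNAL] This email originated outside the company. "
          "Verify any request for payment or account details by phone.")

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)", re.IGNORECASE)
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def sender_domain(msg: Message) -> str:
    """Lower-cased domain of the From: address ('' if there is none)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def is_external(msg: Message) -> bool:
    return sender_domain(msg) not in INTERNAL_DOMAINS


def add_external_banner(raw: str) -> Message:
    """Step 1: prefix the subject and (single-part text) body of any message
    whose From: domain is not ours.  Internal mail is returned unchanged."""
    msg = email.message_from_string(raw)
    if not is_external(msg):
        return msg
    subject = msg.get("Subject", "")
    del msg["Subject"]                      # compat32: del removes every copy
    msg["Subject"] = "[EXTERNAL] " + subject
    if not msg.is_multipart() and msg.get_content_type() == "text/plain":
        msg.set_payload(BANNER + "\n\n" + msg.get_payload())
    return msg


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def header_findings(msg: Message) -> list:
    """Step 2a: the From:/Reply-To: oddities the article tells staff to look
    for, as (code, detail) pairs.  An empty list means nothing stood out."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    # A domain one or two characters away from ours (e.g. a digit for a letter).
    for own in INTERNAL_DOMAINS:
        if domain != own and edit_distance(domain, own) <= 2:
            findings.append(("LOOKALIKE_DOMAIN", f"{domain} resembles {own}"))
    # A display name none of whose words appears in the mailbox name.
    words = re.findall(r"[A-Za-z]+", name)
    if words and not any(w.lower() in local.lower() for w in words):
        findings.append(("NAME_MISMATCH", f"'{name}' vs mailbox '{local}'"))
    # Replies silently redirected to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply and reply_domain != domain:
        findings.append(("REPLY_TO_MISMATCH", f"replies go to {reply_domain}, not {domain}"))
    return findings


def origin_hop(msg: Message):
    """Step 3a: (host, ip) of the earliest Received: hop, i.e. where the
    message entered the mail system; None if no hop can be parsed."""
    hops = msg.get_all("Received") or []
    for received in reversed(hops):         # headers are prepended, so last = earliest
        m = RECEIVED_RE.search(received)
        if m:
            ip = IP_RE.search(m.group(2))
            return (m.group(1), ip.group(1) if ip else None)
    return None


# Constructed sample: a payment-redirection lure from a look-alike domain.
SAMPLE = """\
Received: from mx.example.com (mx.example.com [192.0.2.10])
    by mail.example.com with ESMTP id inbound01; Tue, 1 Jan 2030 09:00:05 +0000
Received: from mail.examp1e.com (unknown [198.51.100.23])
    by mx.example.com with ESMTP id edge01; Tue, 1 Jan 2030 09:00:00 +0000
From: "Jane Doe, CEO" <accounts@examp1e.com>
Reply-To: jane.doe@mailbox-update.test
To: finance@example.com
Subject: Urgent: updated bank details for invoice 4471
Content-Type: text/plain; charset="utf-8"

Please use the new account details below when paying today's invoice.
"""

# Constructed sample: ordinary internal mail, which should pass untouched.
INTERNAL_SAMPLE = """\
From: Pat Lee <pat.lee@example.com>
To: finance@example.com
Subject: Lunch order
Content-Type: text/plain; charset="utf-8"

Sandwiches at noon?
"""

if __name__ == "__main__":
    tagged = add_external_banner(SAMPLE)
    print(tagged.as_string())
    for code, detail in header_findings(tagged):
        print(f"{code}: {detail}")
    print("origin hop:", origin_hop(tagged))
```

In practice the banner is applied by the mail gateway or a transport rule rather than by a script, but the logic is the same: decide on the From: domain, tag the subject, and put the warning where the reader cannot miss it. The findings list is what the designated validator would review alongside the origin hop; none of the checks is proof on its own, which is why the Finance step still ends with a phone call to a number held in your own systems.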

It is easy and costs no money to implement an effective anti-phishing program within your company. It will provide your business with one of the greatest returns on investment you can ever get.
