Don’t take the bait.
It’s a simple request. But how certain are you that your employees won’t bite? Very? Somewhat? Not sure? Or not at all? Business leaders should embrace these questions to be certain employees won’t sink the company.
There was a time when the phrase “we’ve gone fishing” had a simple meaning. It was about spending a day on the lake or river and hoping to bring home dinner. But the relaxing hobby has taken on a new spelling -- “phishing” -- and a different definition in today’s world of technology.
Phishing for workers -- casting emails instead of fishing line to lure unprepared victims -- has become a primary sport for hackers to steal information from company employees. The annual Bassmaster champion pales in comparison to an information-plundering winner. The competition is so intense, a new phishing champion’s reign might last no longer than a few seconds.
Innocent workers, going about their everyday affairs, are their employers’ worst enemies. Billions of emails are sent and received daily. Some are business-related, clean and harmless to a network. Others are dangerous, intended to fool a person into downloading a virus or disclosing classified information. These missteps could lead to short-term headaches, temporary shutdowns or the shuttering of headquarters.
Phishing scams are among intruders’ most proficient tactics. They are aimed at fooling a user into clicking on a link and leaving him/her vulnerable to an attack.
More than 75 percent of businesses reported a phishing attack in 2017.
It’s an expensive issue, sometimes costing a company as much as seven figures.
Businesses have options from which to choose to better educate their workforces. A simulated phishing test can be performed in-house or through a third-party, preferably a managed service provider or website. But this action should only be part of the training. Research has proven testing provides better results when coupled with better security-awareness training.
KnowBe4.com tutored and examined 6 million users and found the percentage of employees taking the bait dropped from 27 percent to 2.17 percent over a 12-month period. The improvement was striking. Companies opting to forgo training learned that using a phishing test alone didn’t provide the same results. Pivotpointsecurity.com reported that an initial test given by a company showed 42 percent took the bait. The same test was administered six months later, and 39 percent failed.
Keep alert and be certain the person on the other side is legit. Force employees to use strong passwords or passphrases, and enforce short lifespans, preferably a three-month limit. Sixteen-character, three-word passphrases can have as many as 11 quintillion combinations, and 12-character passwords would take two centuries to break.
Fishing was meant to be a peaceful hobby, spent on a boat, kicking back and enjoying the scenery with friends. Phishing couldn’t be more opposite. Grief replaces peace, and company heartache replaces rest and relaxation. Not to mention, you’ll be left with an empty stomach, a raging headache and a negative impact on your bottom line.
So please, don’t take the bait.
To discuss security strategy, email Security Analyst Frank Verdecchia at firstname.lastname@example.org.
Apogee IT Services is a Pittsburgh-based Managed Service Provider with branch offices in Boston and Toronto. Apogee provides Managed IT Services to more than 300 small- and medium-sized businesses across the Northeast with a focus on legal, manufacturing, financial services, non-profit, and many other industries. Technology services include hosted cloud services, proactive IT management, multi-layer security including data backup and disaster recovery, 24/7 monitoring and alerting, Help Desk and end-user support, network planning and design, and IT roadmapping, among others.