Phishing is the fraudulent practice of sending emails to induce individuals to reveal personal information. According to research from the Ponemon Institute, phishing costs a 10,000-person company an average of $4 million annually. Symantec reported that in the past five years, cyber-attacks against small businesses with fewer than 250 employees have progressively increased. The National Small Business Association (NSBA) reported in its 2015 Year-End Economic Report that 42 percent of small businesses have been victims of cyber-attacks. On average, these attacks cost $7,115. The average loss for small businesses with hacked bank accounts was $32,000.
When management and employees are more aware of the dangers of phishing, this security risk can be radically decreased, saving the company millions. Business owners and managers need to communicate openly with employees and advise them on how to minimize the risk of spreading viruses to company systems and networks.
Importance of Network Security
Network security is an important part of managing a successful company. If the system is vulnerable to viruses and not adequately protected, a company can quickly become one of the many that have fallen prey to dangers lurking on the Internet. Antivirus and malware detection software does not always detect and stop the damage caused by viruses, and is only effective against 30-50% of threats. Often, by the time it detects a virus, it is too late.
Management must create guidelines and discuss them with employees in order to build a safer online environment with significantly reduced risks. In addition to those guidelines, a business should implement a layered security strategy: a multi-faceted and tactical method of enhancing an organization’s cybersecurity and risk management practices.
Anti-Phishing Training for Employees
Management must take the threat of network security risks seriously if the employees are to follow their lead. A vital step in cultivating network security in the workplace begins with starting that dialogue with employees and training them on the potential risks and how to defend against them. When employees know that their individual behavior positively or negatively affects the security of the company network, they will think twice before navigating the Internet in an unsafe manner. Consider disseminating the following information to employees to train them on preventing phishing attacks.
- Hyperlinks – Share the importance of never clicking blindly on hyperlinks in emails or on websites with “click here” links.
- Hovering – Advise that they should hover the mouse over the hyperlink prior to clicking in order to ensure that it is a trustworthy link.
- Attachments – Discuss the dangers in downloading an attachment from an untrustworthy source.
- File Type – Talk about file types (pdf, doc, xls) and emphasize that they should only open a file that they were expecting and that makes sense given the email content.
- Email Sender – Communicate that if they do not know the email sender, they should not blindly trust the content and open the email. They need to watch for suspicious domains such as @xyz.com, and for senders who ask for strange things.
- Subject Line – Tell them to pay attention to the subject line to ascertain whether it seems out of place, unusual, suspicious, or does not fit well with the email content.
- Email Content – They must understand that incoherent email content is a red flag. Some examples of inconsistencies include a large number of grammatical errors, or the sender asking them to provide sensitive information, do something extremely unusual, or open a suspicious attachment.
If you’re in need of help creating and implementing network risk education for employees, Envision’s security awareness training is the ideal starting point! We combine simulated phishing scenarios delivered directly to employees’ inboxes with video training by the world’s most famous hacker to help your employees identify in real time where your organization’s weakest links may be.