You’ll catch more phish with honey than vinegar
Businesses know that they have to combat the human error that results in cyberattacks on their network and potential loss of critical data. They value their employees but need to create an atmosphere of awareness. Savvy business owners and managers turn to training and education. But it can be challenging to train employees in best practices without a security background.
Studies prove you’ll get a higher retention rate and better participation when you train employees with “carrots, not sticks”. The Wall Street Journal examined this idea in the recent article ‘A Better Way to Teach Cybersecurity to Workers’: “The problem, security experts say, is that the usual security training is a big turnoff for employees. Most of the time, all it does is try to instill fear of clicking on suspicious links or using weak passwords. But research shows that approach doesn’t work.”
Keep your cyber awareness training from becoming a chore. Make it positive and incentivize employees for participation. Develop a security awareness training program with built-in reporting features so that it tracks your employees’ progress, giving you the perfect opportunity to reward them for successfully spotting a phishing trap!
What is the most common result of clicking on a link in a phishing email? Ransomware: the cyber epidemic that results in 57% critical data and/or hardware loss and up to 75% downtime for small to medium-sized businesses (Datto State of the Channel Report). That’s too much to risk! Social engineering techniques exploit a very basic concept: it’s possible to trick people into doing the dirty work for thieves. Ransomware is the payload of choice for malicious email campaigns, and in 2016 U.S. companies experienced the greatest number of ransomware attacks, over 500 million due to the Locky ransomware.
So how do you reduce the 30% phishing email open rate? Education, Engagement and Encouragement.
A training and awareness program that encourages good cyber hygiene can make a big difference between recognizing a phishing email and becoming a victim. When employees fully understand the issue – and the risks – they’re in a position to serve as the barrier of protection, essentially the “human firewall”. A security awareness program should combine a 3-step approach:
• Training – Employee email security training on a computer-based training module
• Evaluation – Periodic testing through the use of simulated phishing that puts their training to the test
• Insight – In-depth quarterly reporting reveals campaign statistics, vulnerabilities and employee activity
If organizations aren’t monitoring internal emails, they risk potential downtime and data and financial loss. Combat attacks by utilizing education with cutting-edge training methods to reduce human error. And with the detailed reporting features, you can track the employees who successfully detect the phishing emails and reward them with recognition and prizes. Something as simple as an Amazon gift card goes a long way toward fostering good cyber awareness. A positive-reinforcement campaign will result in greater security, peace of mind and enthused team members!
Where do you start? Our data protection specialists can help you implement a security awareness training program. Give us a call at 856-210-5800 or email us at email@example.com.