Successful organizations understand that training content is intellectual property and that it is critical to design and implement a strategy that secures it. Whether that means establishing a data loss prevention strategy that identifies, tracks and prevents unauthorized access to confidential data or creating a BYOD policy, there needs to be an efficient and effective cybersecurity training program that is relevant and that employees actually retain.
October is National Cybersecurity Month. With cybercrime shifting focus to businesses and mobile threats increasing, it is key to discuss some of the biggest challenges in cybersecurity training.
Hackers and phishing scams have become a major concern for many individuals and enterprise organizations. According to a Tripwire survey asking 200 security professionals about ransomware and phishing, 58 percent of respondents stated that their organizations have seen an increase in phishing attacks over the past year.
While phishing attacks have become more convincing, posing as legitimate messages, commonalities have emerged that help individuals identify possible scams and avoid threats. People who execute phishing scams, known as phishers, tend to send realistic messages to millions of people, persuading them to click a link in response to what seems like an urgent situation, according to a ComputerWeekly article. Oftentimes, these links take people to convincing websites that ask for their personal information. Attackers also tend to impersonate CEOs and senior executives within the organization. An FBI report stated, “From October 2013 through to February 2016, law enforcement received reports from 17,642 victims, amounting to more than $2.3 billion in losses.” In a scam, the links and attachments within emails often carry malware and viruses that can lead to a breach of data security and to data loss.
Although phishing has been around for a long time, IT professionals and enterprise organizations still struggle to identify scams before it is too late. Even more concerning is “spear phishing,” where the attacker customizes the email with the intended person’s name, company, phone number and other personal information in order to mislead them into thinking it comes from a familiar contact.
With cloud computing dominating today’s marketplace, it is important to ensure content security. Organizations that put sensitive documents on mobile devices without proper encryption, fail to encrypt data stored in the cloud or send sensitive information via unencrypted email are susceptible to phishing scams.
Here are several tips from the Digital Guardian to protect yourself and your organization from a phishing scam.
- Educate your employees about what phishing trends to look out for.
- Conduct training sessions with mock phishing scenarios.
- Use a SPAM filter that identifies viruses, blank senders, etc.
- Update all systems with the latest security patches.
- Install an antivirus solution and monitor the antivirus status on all devices.
- Develop a security policy that includes, but isn’t limited to, password requirements.
- Deploy a web filter to block malicious websites.
- Encrypt all sensitive company information.
- Require encryption for employees that are telecommuting.
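As an added illustration, not part of the original article or of the Digital Guardian tips, the Python script below checks a raw email message for the indicators the article describes: a blank sender, a known executive’s name on a message from an outside domain, urgency language, links whose visible text names one domain while the href points at another, and attachments with executable extensions. It is the kind of heuristic a spam filter or an awareness-training reviewer might apply. The two sample messages, the urgency-phrase and extension lists, the `internal_domain` argument and the `executive_names` list are all constructed assumptions; the domain matching is deliberately crude (no public-suffix list).

```python
import email
import email.policy
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Manufactured urgency is the lure the article describes (constructed, non-exhaustive list).
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "account will be suspended", "verify your account")
# Attachment types that can carry executable payloads (constructed, non-exhaustive list).
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'example.com' from 'mail.example.com' (assumption: no public-suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw_message, internal_domain, executive_names):
    """Return a list of (indicator, detail) tuples found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    findings = []

    display_name, address = parseaddr(str(msg.get("From", "")))
    if not address:
        findings.append(("blank-sender", "From header carries no address"))
    sender_domain = registered_domain(address.split("@")[-1]) if "@" in address else ""

    # Executive impersonation: a known leader's name on mail from outside the company.
    if sender_domain and sender_domain != internal_domain:
        for name in executive_names:
            if name.lower() in display_name.lower():
                findings.append(("executive-impersonation", f"'{display_name}' <{address}>"))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = text.lower()
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            findings.append(("urgency-language", phrase))

    # Deceptive links: the visible text names one domain, the href goes somewhere else.
    if body and body.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(text)
        for href, visible in collector.links:
            target = registered_domain(urlparse(href).hostname or "")
            shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", visible.lower())
            if shown and registered_domain(shown.group(0)) != target:
                findings.append(("link-mismatch", f"text '{visible}' -> {href}"))

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))

    return findings


# Constructed sample: outside sender using the CEO's name, urgency, and a disguised link.
SAMPLE_PHISH = """\
From: "Pat Chief (CEO)" <ceo-office@mail-relay.example.net>
To: staff@corp.example.com
Subject: Urgent wire needed
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>This is urgent, please act immediately.</p>
<p>Log in at <a href="http://login.bad-example.org/portal">corp.example.com</a> to release the payment.</p>
</body></html>
"""

# Constructed sample: ordinary internal mail that should raise nothing.
SAMPLE_BENIGN = """\
From: "Pat Chief" <pat.chief@corp.example.com>
To: staff@corp.example.com
Subject: Town hall slides
Content-Type: text/plain; charset="utf-8"

Slides from today's town hall are on the intranet wiki.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, phishing_indicators(sample, "example.com", ["Pat Chief"]))
```

The checks are intentionally simple so that each finding maps back to one of the article’s warning signs; in practice a filter would add sender-authentication results (SPF, DKIM, DMARC) and a reputation lookup for the link targets, and a training program would use findings like these as the talking points for a mock-phishing debrief.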
It’s unrealistic to prevent employees from opening attachments or clicking links within their emails; however, it is more crucial than ever to implement ongoing security training that consistently educates them on what to look out for. Security training must be constantly updated to keep up with potential threats and ensure your organization is protected. As the saying goes, “The best defense is a good offense.”