What’s your ransomware and phishing risk? If you have employees, you won’t know unless you test your team to see exactly how they react when faced with a suspicious email or voicemail.
Ransomware and malware make headlines every day, with massive data losses and high costs. Everyone from the FBI to the IRS issues regular warnings to both individuals and businesses about the dangers of phishing and how hackers use phishing to deliver the malware that puts you at risk. While regular security updates and other measures can help protect you, your loyal, hardworking employees are actually your biggest risk when it comes to phishing.
A full 91% of business data breaches all start the same way – an employee falls for a spear-phishing attack and the resulting malware rapidly spreads through the entire company network. Why do so many employees fall for phishing scams – and how can you tell if your business is at risk? Employee education and threat detection testing are key to preventing an outbreak of ransomware or data loss in your organization. Learning more about phishing, including the latest spear-phishing methods, and using simulated phishing testing can help you discover where your own risk lies and allows you to take prompt action to protect your business.
The Spear-Phishing Crisis
In July, the IRS and other Federal agencies issued an alert to tax professionals and other key industries warning of a rising risk of spear phishing. Spear-phishing is commonly used by cybercriminals to target businesses and organizations; a spear phishing email will generally target a wide group of users within an organization, hoping to snare a victim. Posing as prospective clients, trusted entities and familiar connections, the criminals hope that victims will assume the email is from a legitimate source.
In most cases, the victim is asked to download a bit of information, open a document to review a prospect’s files or even click a link to access data. Once the bait is taken, the malware is downloaded and the criminal can seize control of the user’s machine or steal their data.
How your Employees Put you at Risk
Employees boost your risk of becoming a victim in several ways:
- Lack of awareness: Employees may simply lack the skill to detect a spear-phishing email or not even be aware of the risk. Once they click that bad link, a piece of malware could rapidly spread through your network.
- Poor password hygiene: Posting passwords in a physical location, like the top desk drawer, or worse, on the actual computer monitor can invite a criminal right into your network.
- No idea what to do next: Once an employee discovers they’ve made a mistake, they should know what to do – if they don’t quarantine their device immediately and seek help, your entire organization could be in jeopardy.
- Falling for a delivery scam: One way criminals try to get your team to click on bad links or download malware is by sending a realistic-looking shipping notification from a big brand like FedEx; your employee clicks and the next thing you know, you’re infected.
- Trying to impress a new client: Opening attachments from anyone, including a prospective client, is a bad idea. Hackers have figured out that employees who are not terribly tech-savvy can be socially engineered into opening a bad link in the name of customer service or closing a deal.
Reveal your True Risk
Your employees could put you at risk in any or all of the above ways – and probably some ways you haven’t even considered yet. There is just no way to know – unless you test them to see just how savvy they are. The fewer employees you have that are truly Phish-Prone, the better off you’ll be. Smart, aware and in-the-know employees are your best defense against spear-phishing, and once you know where you stand, you’ll be able to take steps to mitigate your risk and exposure.
How Spear-Phishing Testing Works
Cyber attackers are more sophisticated than ever before, so your employees need to gain more knowledge than they ever had to have in the past. From identifying social engineering attempts to spotting (and avoiding) spear-phishing and ransomware attacks, OnServe can help. By identifying those users that are most vulnerable and gullible, you can properly equip those employees with the skills they need to help protect your business.
Setting up a spear-phishing test is fast and easy, and you can customize the test to best suit your business and environment. You can even choose the landing page your employees see if they fail the test and click the link. For educational purposes, your team can see what red flags they missed or a shocking 404 page with a message. Most people learn well by doing, and failing a phishing test is a memorable and shocking event that will help the message resonate with your team.
After you run your test, you’ll get a comprehensive report detailing how well your team did and what percent of users failed the test. The answers are usually eye-opening and surprising! Even your computer-savvy team members could fall for the right type of attack; the ones that successfully pass the spear-phishing test could be caught unaware when tested with other methods. The OnServe “phishing” test is designed for these more sophisticated users and will allow you to test how social-engineering-savvy your team members are with simulated voicemail attacks.
Reduce your Risk with a Free Spear-Phishing Test
It’s not only fast and easy to discover just how much risk your team is exposing you to – it’s free, too! At OnServe, we’re committed to helping you identify and reduce risk, and our free phishing testing will help you get started. Start your free phishing test here, and contact us at firstname.lastname@example.org or (613) 634-8125 to ensure your team gets all the support and training they need to protect your organization.