Hello, Crown Clients and Friends!
Regular readers of this blog will know that just about every week, the word phishing makes an appearance. It’s just one of many types of attack that threaten the data security of your company, along with brute force attacks, zero-day exploits, and others. Phishing attacks are special because they target our behavior, not just the infrastructure we use. The most effective way to fortify against these attacks is a change in our behavior, that is, education about attacks and how to avoid them. For some people, this may make it seem like their employees are their biggest liability when it comes to network and data security, but with a little education, all of your employees can become an effective part of your frontline defense against attacks.
Phishing is a kind of malicious social engineering: an attacker tries to deceive you into giving them information (such as email login credentials or VPN access) or opening a malicious file to extract this information from you. Other attacks are less about our own behavior; if, for example, there are vulnerabilities in the software we use, we need to update once a patch is issued, but how we use the software doesn’t factor much into the attack. A successful phishing attack, however, is almost always a failure to recognize when someone is tricking us.
It’s likely that you didn’t hire a bookkeeper or maintenance engineer for their knowledge of contemporary network security, but the nature of today’s attacks requires everyone in your organization to actively defend their personally-identifying information to keep the entire company safe from attacks. Anyone’s compromised identity or workstation is a threat to the entire organization, so it’s important to educate all users in the organization to successfully identify and discard suspicious emails, confirm with coworkers that they really asked for that sensitive information, and never open unexpected attachments.
The scams that are out there can get fairly complicated when discussing their details and often require expertise to understand exactly how they work. Explaining this recent flaw in Outlook to non-IT staff might be nearly impossible, but educating them on verifying all unexpected links and attachments, even from seemingly trustworthy sources, is hugely valuable to your organization. In other words, a little education about best practices can go a long way to protecting your company’s data and infrastructure.
Crown Computers recommends companies like KnowBe4 or Breach Secure Now for your employee security training. These “cybersecurity awareness” companies provide services that include educating your employees on how to avoid being duped by attackers and testing your organization with mock attacks to see how secure you are. This type of training isn’t just a one-time online module that’s easy to forget or ignore, but rather a long-term project to make all of your employees into your first line of defense against malware and phishing. When you use Breach Secure Now’s Breach Prevention Platform, employees routinely receive suspicious emails as a test, and clicking a link or attachment gets reported to you as a lapse in good phishing prevention practices.
These companies work with your Managed Service Provider to provide an analysis of how well employees are doing at avoiding risky behavior and bad cybersecurity practices and can give you an ROI based on how employees are doing with their security. They also provide relevant education materials and training to fix the deficits in your organization’s knowledge of phishing attacks. Since phishing attacks are constantly evolving, a subscription to these educational materials can help keep every individual at your organization one step ahead of attackers going into the future.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team