Cloud email security: Put your employees to the “phishing” test
Phishing is a common cybercrime in which cybercriminals use fake emails to trick employees into clicking on links to malicious websites or opening attachments containing malware. When cybercriminals are successful, they can gain access to organisational systems and compromise sensitive information.
Is your company safe from phishing attacks? There are two ways to find out – through a pre-planned simulation or an actual attack. Of course you’d rather be in control of your email security and build meaningful awareness for your employees. A phishing test is an effective way to provide employees with real-life scenarios in a controlled environment without exposing the business to unnecessary risk.
Draft an internal phishing campaign
Choose a phishing test tool. Once the tool is ready for use, be sure to notify your employees because the point of the test is to educate your workforce, not to “catch them making a mistake”. Negative reinforcements must be avoided during these trials. Do not see it as an IT versus employee scenario. The goal is to work together to train and notify employees of common phishing attacks.
Create a phishing email
When you create a phishing email, you have to think like a cybercriminal. Which department is the most vulnerable in your company? Is it sales? Could it be finance? What about employees who have access to your database? Target those employees.
Create a sense of urgency by saying something like: “If you don’t act now, there will be repercussions.” Most phishing attacks try to entice the reader to act quickly without thinking, so be sure to reflect this. Drop subtle clues such as sending an email from a client with a different invoice number.
Some good examples of different approaches to use include a fake email from an executive, a cloned site asking for an employee’s login details for that site, or fake information on insurance benefit changes.
Conduct a training session
During this session, explain in detail how phishing attacks work and their common characteristics. Teaching employees how to spot the warning signs and immediately recognise a scam is an important part of your company’s risk management programme.
Teach them about these red flags:
- The email asks you to confirm personal information. Contact the source via another channel to confirm.
- The email address doesn’t look genuine. A phishing attempt done immediately after Absa’s rebranding came from this address: email@example.com.
- Suspicious file attachments or URL links are included.
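The three red flags above can also be checked mechanically when triaging a message that an employee reports. The following is an added example, not part of the original article or of any SYNAQ product; the sample message, the placeholder domains, the keyword pattern and the extension list are all constructed assumptions to adapt to your own mail flow.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <alerts@examp1e-bank.test>
Reply-To: helpdesk@mailbox.test
Subject: Urgent: confirm your details
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Please confirm your password and account number today.</p>
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test/</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

PERSONAL = re.compile(r"\b(confirm|verify|update)\b.{0,40}\b(password|pin|account number)\b", re.I | re.S)
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".iso", ".lnk")
LINK = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def red_flags(raw, trusted_domains):
    """Return the sorted red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = set()
    sender_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if sender_dom not in trusted_domains or (reply_dom and reply_dom != sender_dom):
        flags.add("sender-address")  # unexpected sender, or replies go elsewhere
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.add("attachment")  # judged on the final extension only
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if PERSONAL.search(body):
            flags.add("asks-for-personal-info")
        for href, text in LINK.findall(body):
            shown = urlparse(text.strip()).hostname  # None when the link text is not a URL
            if shown and shown != urlparse(href).hostname:
                flags.add("link-mismatch")  # displayed URL differs from the real target
    return sorted(flags)
```

A message that raises any of these flags still needs a human decision; the function only mirrors the checklist so that reported mail is triaged consistently.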
Source email security solutions
Training staff to be aware of these tactics is the most fundamental step every business should take, but it’s not enough on its own. People are fallible and, even with proper training, make mistakes.
That’s why we recommend taking the security of your email environment a step further by fortifying it with our all-inclusive cloud email security solution. It specialises in the provision of adaptive security against mail-borne threats, be they foreign or home-grown.
SYNAQ has even developed unique and innovative tools specifically to tackle phishing tactics. For example, LinkShield is a recent feature of Securemail Premium designed to prevent users from getting scammed through malicious links contained in emails by checking the URL and advising whether it’s safe to proceed or not. It’s with such tools that we’re helping businesses stay safe from even the most cutting-edge and deceptive forms of cybercrime. We also offer the only local 100% punitive phishing protection SLA against South Africa’s leading banks.
Get SYNAQ Securemail for advanced spam detection and 100% virus protection. It’s the ultimate line of defence to protect businesses from spam, viruses and phishing attempts.