How to raise employee cyber security awareness with a phishing simulation
Would your employees fall for a phishing attack? Put them to the test with a phishing simulation. We share our experiences from a recent case study.
Are your employees the weakest link in your IT security strategy?
Phishing emails are responsible for 94% of ransomware. Attacks have grown rapidly in recent years, costing businesses over $9 billion in 2018.
Whilst email security services help scan and block malicious emails, they cannot prevent all emails from getting through. As phishing attacks become increasingly sophisticated, they are more difficult to detect and pose a serious threat to your business. It is therefore paramount that employees know how to deal with cyber threats.
Would your employees fall for a phishing scam?
Your employees are your best form of defence when it comes to cyber security. It is important to establish a strong culture of cyber security awareness and to train staff to identify phishing attacks. Human error is the number one cause of breaches and phishing continues to be the leading method of attack. This is where a phishing simulation can help. Above all, they are designed to test and educate employees to avoid them falling for a phishing scam. This will avoid them becoming the weak link in your systems. Raising cyber security awareness will help employees react appropriately when exposed to a threat. In fact, employee education is one of the most effective ways to enhance your company’s overall IT security strategy.
Raising employee cyber security awareness - A real-life Phishing Simulation case study
PCR Connected recently helped one of our clients to implement a phishing simulation rolled out across the business to its 70 employees. Working alongside the MD, PCR Connected tested all employees to raise awareness of cyber threats. Firstly we created a series of emails that resembled socially engineered phishing attacks. These appeared from valid email addresses which had been tweaked slightly. Emails were sent to all employees at random times asking them to click on links. In a real attack, these emails would have compromised business security. As follow up, business leaders received monthly reports of who had opened and clicked on the emails. Subsequently, we established a cyber security training programme. This asked all employees to view an initial training video. After that, employees who repeatedly clicked on links were asked to watch a series of videos that increased in length from 15 to 25 to 35 minutes. Interestingly, the worst offenders were on mobile devices, highlighting the importance of increased vigilance whilst on the move. Random testing continued over a 12-month period to monitor changes in awareness and working practices. Importantly, the process was easy to administer and proved invaluable in promoting good-practice across the team.
Can a Phishing Simulation help your business?
PCR Connected has partnered with Trend Micro to help businesses manage their IT security more effectively. Phishing simulations can improve employee awareness by 25%. Phish Insight, a Trend Micro service, enables you to test and educate your employees on how to spot phishing attacks for free. In short, by combining a phishing simulation with phishing awareness training, you can provide holistic approach to protect employees from cyber threats. To find out more about phishing simulations or discuss your IT security in general, contact PCR today.