Employee Education Fights Back Against Phishing Attacks
By: Jim Stickley and Tina Davis
November 1, 2019
Since the 1980s, email phishing campaigns have been a force to be reckoned with. Today’s business leaders need to see email phishing for what it is: a threat to their continued success. Over time, cyber criminals have greatly improved their phishing tactics and continue to do so. Research shows more than 71% of cyberattacks come from phishing emails, and most malware hits its target using malicious email attachments. Since employees are at the front lines of receiving these emails, the best defense is a well-trained staffer who knows how to sort the good from the bad and the ugly.
Since deceptive emails often appear to be from a reputable and trusted source, attackers rely on subject lines and content with a sense of urgency to trick recipients into opening them. Once opened, these emails hold links to bogus web pages that ask for sensitive company data, and attachments that install malware onto systems. Research shows 60% of small-to-medium-sized businesses go bankrupt within six months of a successful phishing attack. The loss of consumer confidence after a hack can mean the beginning of the end for some businesses. All it takes is one employee mistake to shake even the biggest of companies to their core. The FBI reports business email compromise (BEC) has resulted in losses to companies of over $12 billion in the past five years and counting.
The best email phishing deterrent is ongoing cybersecurity training for all employees. Ongoing education is a key component as attackers continually refine and improve their tactics. We now know email phishing trends over time in new and more effective directions. Simulated phishing emails and other real-life employee training go far to educate staff on how to spot and stop a phishing email. Active training can be the best deterrent in the face of ransomware and other malware phishing attacks. All employees, from new hires to long-time staff, ranging from entry-level to CEO, should always be included in cybersecurity training.
Remember, no one is spared from BEC attacks. Inevitably, an employee will receive a phishing email in her inbox, and preparing her to spot and delete that one email may be the best investment yet.