
What Every Business Should Know About Phishing (Part 3) - Employee Awareness

by Jason Blalock on October 18, 2018

In the first and second articles, we talked about what phishing is and provided some general tips for avoiding common types of phishing attack. However, there's really more to it than that. A truly security-aware organization should place an emphasis on employee education and training. "Social engineering" style attacks, like phishing, can happen to anyone at any workplace, and they can subvert all the work you've put into building your IT defenses.


So, for this final article in the series, we're going to focus on education. How can you create a workforce that's going to spot phishing attempts and other social engineering scams? Read on for important tips!

Five Vital Tips For Developing A Workforce Resistant To Phishing

1 - EVERYONE must get trained.

Yes, everyone. From the janitor to the CEO, anyone who has access to any sort of information, sensitive locations, or system privileges within a company is a potential target for phishing. Lower-tier targets can be used as springboards to scam higher-tier employees and, of course, gaining access to a C-level exec's passwords is a mother lode.

Don't let anyone off the hook because they claim they aren't a target, because they are.

2 - Know how to spot the warning signs.

There are few genuinely perfect scams in this world, and most phishing attacks will have some big warning signs.  Here are some of the most common red flags:

  • Impersonal greetings, such as "customer" or "patient," rather than real names.
  • Multiple spelling/grammar mistakes.
  • Misspelled company names.
  • Incorrect URLs. Look carefully! Phishers like to use Unicode to create URLs which are almost identical to the real thing, with only slight variations such as a diacritical mark over a letter.
  • Requests seemingly from other workers which require ignoring standard security protocols.
  • Misleading domain names. "mail.google.com" and "mail.google.something.com" are not going to the same place. Understand the difference between parent and child domains.
  • Open requests for money or personal information.
  • Unrealistic over-the-top threats, like "Respond to this email immediately or your bank account will be closed!"
  • Claiming to be from the government.
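Two of the red flags above (Unicode lookalike URLs and misleading parent/child domains) can be checked mechanically before a link is trusted. The following is an added example, not code from the original post or from Hummingbird Networks; it assumes a constructed list of trusted domains and classifies each link's host as a genuine child of one of them or as a lookalike.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed (assumed) list of domains this organisation expects links to use.
TRUSTED_DOMAINS = {"google.com", "example-bank.com"}

def is_child_of(host: str, parent: str) -> bool:
    """True only when host is parent itself or a label-wise subdomain of it.
    'mail.google.com' is a child of 'google.com'; 'mail.google.something.com'
    and 'notgoogle.com' are not."""
    host, parent = host.lower().rstrip("."), parent.lower().rstrip(".")
    return host == parent or host.endswith("." + parent)

def lookalike_labels(host: str) -> list:
    """Return DNS labels that carry non-ASCII characters (a Cyrillic 'o', an
    accented letter) or that arrive already punycoded ('xn--...'), naming the
    offending characters so a reviewer can see the trick."""
    flagged = []
    for label in host.split("."):
        if label.startswith("xn--"):
            flagged.append(f"{label} (punycode)")
        elif any(ord(c) > 127 for c in label):
            names = sorted({unicodedata.name(c, "?") for c in label if ord(c) > 127})
            flagged.append(f"{label} ({', '.join(names)})")
    return flagged

def check_url(url: str) -> dict:
    """Classify a link found in a message as 'ok' or 'suspicious'."""
    host = urlsplit(url).hostname or ""
    # NFKC folds full-width or composed forms so a visually identical host is
    # still compared against the trusted list; the raw host is what gets flagged.
    normalized = unicodedata.normalize("NFKC", host)
    trusted = any(is_child_of(normalized, d) for d in TRUSTED_DOMAINS)
    flags = lookalike_labels(host)
    return {"host": host, "trusted_parent": trusted, "lookalike_labels": flags,
            "verdict": "ok" if trusted and not flags else "suspicious"}

if __name__ == "__main__":
    # Constructed sample links of the kinds the red-flag list describes.
    for link in ("https://mail.google.com/login",
                 "https://mail.google.something.com/login",
                 "https://mail.g\u043e\u043egle.com/login",   # two Cyrillic 'o's
                 "https://xn--ggle-0qaa.com/login"):
        print(check_url(link))
```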

3 - Encourage critical thinking and follow-up messages.

CEO impersonation would be impossible if everyone in the workforce felt empowered to double-check an iffy message that seems to be from the boss. Employees should NEVER be punished for doing a bit of due diligence to ensure a questionable email is valid, even if their suspicions turn out to be unfounded. The alternative is far worse.

4 - Have a clear reporting protocol.

Ideally, your organization should have a clear, standardized protocol in place for reporting suspected phishing attempts and investigating their veracity. This would likely be handled by IT or your security team, depending on your organizational setup. Sometimes IT can trace such emails back to their source and block them, or potentially even alert law enforcement.

5 - Do live tests.

There's simply no better way to know if your staff are properly trained to resist phishing and other social engineering scams than to have professionals conduct a live simulated attack. So-called "white hat hackers" are security experts who make their living testing businesses' security and delivering reports on whether that security could be subverted.

These tests are entirely safe, and no protected data will actually be compromised. The "attackers" will always stop short of doing real harm. They simply show you how harm could be done by a malicious agent.

Hummingbird Networks can be your partner in creating a highly-effective security setup, from initial deployment to penetration testing.  You can read about our services here, then contact us to keep yourself safe from scammers.


Topics: Network Security, Phishing, Sophos
