Security awareness training – training employees to recognise suspicious messages: is your organisation already working on it or planning for it? If not, it is high time to pay attention to the issue. You can take an extra-efficient approach by outsourcing the training to an external partner for Managed Security Awareness.
Do your employees present a human firewall or are they the weakest link in your IT security? In many companies, they are primarily a weak point through which hackers can easily penetrate your network. This is also evident from the spike in the number of fake messages sent by hackers.
Hackers are increasingly professional
Does everyone in your organisation know what social engineering is, or phishing and smishing? In reality, even those who do know often still fall into the trap. In the past, fake messages were much easier to recognise, for example due to poor use of language, a wrong form of address or a highly suspect URL. Meanwhile, hackers have increasingly refined their approach. They respond to current events or manage to make an e-mail really look like a message from the boss, for example. These days the URL or file name sent with it is camouflaged in a sophisticated way, just like the copied layout of malicious e-mails and websites.
Homeworkers as the ideal target
The corona pandemic has further increased the risks. Employees who now suddenly all work from home turn out to be the ideal target for hackers. There is less social control and more distraction, and hackers are well aware of that. The result is a rapid increase in the number of phishing mails. In fact, the number of phishing attacks rose by a massive 220 per cent, according to the ‘Phishing and Fraud Report’ from F5 Labs. So sooner or later your employees will also encounter them. Are you sure they won't get caught out?
Not only training but also testing
Therefore make sure that your entire team is aware of the risks of being careless with potentially suspicious messages. It is very important to repeat this message regularly. In any case, security awareness training provides a number of tools for safer IT use. To be completely sure that the message has reached everyone, you should also test whether your employees actually leave suspicious e-mails unopened after the training.
Simulated phishing attacks
This is difficult to organise yourself. A Managed Security Awareness partner can do it better and more efficiently for you. With short online training sessions and simulated phishing messages that evolve with each individual user's level, you will know exactly how strong your human line of defence is.