The risk posed by an individual not knowing how to recognise or deal with phishing emails correctly should be limited given all the publicity, yet still 1 in 10 will become victims. Almost all malicious hacking attacks follow a phishing email, which is why employees are now the prime target.
To combat the constant threat of an employee dropping their guard just once, leading managed IT services provider Quiss Technology has launched ‘Phishing Tackled’, a new service to help organisations improve security.
Quiss Commercial Services Manager Matt Rhodes explains: “Unfortunately, many organisations believe they have taken all the necessary precautions to defeat cyber-criminals. They have secure systems and their staff have all had the security training.
“But unless these organisations ensure their training is updated and staff at every level are regularly reminded what to look out for, the organisation remains at risk. It is no longer a question of if an organisation will be targeted, but when.
“Phishing Tackled is a new approach to security; it’s like setting a thief to catch a thief. Working closely with the organisation’s managers, we conduct simulated phishing attacks throughout the year, to see how employees react.
“We create believable, credible emails tailored to the style of each organisation’s communications, so they appear to come from likely contacts that might lower an individual’s guard – we replicate the methods most often used by real cyber-criminals.
“We can target specific groups within an organisation at different times, like accounts or sales, with different emails and fake toxic attachments or clickable links that really look the part.”
Phishing Tackled does not test physical or system security, or an organisation’s firewalls; it tests the weakest link: the people. It provides measurable results that show who responded to the simulated attack and what action they took: opened, clicked links, forwarded, etc.
The comprehensive reports identify areas for improvement, and testing this way helps identify employees who continually fail the tests despite regular training. This allows an organisation to focus more training budget on these individuals or put steps in place to minimise the risk they pose.
Rhodes continues: “The reports highlight problems and our cyber-security training offers the solution. We help people recognise threats and know what to do when they receive phishing emails.
“Once employees are shown the possible consequences of their actions, they understand keeping the organisation and their jobs safe is everyone’s responsibility.
“Phishing Tackled is simple to implement and within hours it could be helping protect an organisation against a very real and imminent threat.”