The Guardian (2019) recently reported that the average employee receives 121 emails per day and sends around 40. Covid-19 means many office workers are working from home thereby further increasing the sending and receiving of emails between teams. However, not all the emails being sent are legitimate and some may contain malicious malware or the sender might be looking to trick employees into sharing sensitive data, such as passwords and financial information. The statistics are shocking, with 88% of data breaches being caused by human error – it literally only takes one click.
Phishing
A phishing attack is when a criminal sends a fraudulent communication that appears to be from a reputable company or person. Attacks are typically accomplished through email exchanges. The purpose of phishing is to extract highly sensitive data, such as banking information, logins and/or to install malware on the unsuspecting victim’s computer. An attack can be costly and often results in reputational damage affecting share prices, customers trust and the business bank account. Organisations must learn how their employees can protect the business against cyber-attacks.
Creating a Human Firewall: Simulated Phishing Tests
Simulated phishing tests generate mock phishing emails that are sent to employees. The process can be used to identify if further training is required within the organisation surrounding phishing and cyber security fundamentals and be a method of reinforcing awareness. The results are measured to identify which employees “clicked” on the simulated phishing email. Employees are provided with various easy-to-complete online training modules to help reduce the number of individuals clicking the campaign in the future. The results are monitored over a period. The process of testing, training and reviewing employees raises their awareness levels and helps prevent them from clicking on real links/emails in the future that might lead to a costly data breach.
The process allows organisations to:
- Understand the level of risk and vulnerability to human error
- Communicate the importance of having a robust approach to cyber security
- Identify high-risk employees that need additional training
- Reduce the risk of a successful phishing attack(s)
- Benchmark against company industry sector
For more information on our simulated phishing technology and training please contact hello@clarrifyi.com or call 0121 232 4662