Phishing attempts, or cyber attacks, are unfortunately becoming more common. You’ve most likely received a few phishing emails in your work or personal inbox already. Maybe it was an odd-looking email from iTunes, or something from Gmail saying your account was going to be suspended while urging you to take immediate action. These types of emails are designed to play on your emotions, create a sense of urgency, and get the recipient to click through and enter personal information before they have time to think it through or notice weird spellings or an odd sender address. Unfortunately, these types of emails are not going to go away anytime soon, so it’s important to train your staff to watch out for them so they do not inadvertently fall for an attempted cyber attack. Here are five ways you can help train your staff to avoid cyber attacks and phishing attempts:
Create a Company Policy and Communicate it
Prepare yourself for the reality that these emails will be sent to your team by having a policy in place to deal with them and clear steps that employees need to follow if they receive one. Usually, the policy requires employees not to click on any links or respond to an email that appears suspicious and to forward it to the appropriate company contact.
Encourage Employees to Ask Questions
Keep employees on alert by asking them to question emails that seem out of the ordinary: messaging that is urgent, an email asking for their personal information, or a message from a sender they don’t recognize or were not expecting an email from. It’s important to let employees know that they should voice concerns and that there’s nothing to be embarrassed about or hide if they think they received a cyber attack or phishing email.
Don’t Penalize Employees for Mistakes
Some companies choose to put disciplinary actions in place for employees to try and prevent them from accidentally clicking on a phishing email. Unfortunately, this tactic usually backfires. With disciplinary measures in place, employees are scared to come forward if they make a mistake because of the repercussions, which can prevent you from being able to effectively mitigate a phishing attack. Letting employees know that there won’t be any repercussions, but that it’s important to let someone know if they click on a link they shouldn’t have, is often a more effective approach.
Whenever someone receives a phishing attack or questionable email, have someone on your IT team remove all the links (so no one can inadvertently click on them) and then share a copy of it with your team. The more they see the different types of emails they might receive, the more likely they will be to identify an email before they have a chance to click on anything nefarious.
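One way an IT team could automate the link removal described above is sketched here as an added example; it is not code from the original article. The function names and the sample message are constructed for illustration, and the `hxxp` / `[.]` rewriting is a common convention for making URLs unclickable while leaving them readable.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

URL_RE = re.compile(r"\b(https?)://([^\s/<>\"']+)([^\s<>\"']*)", re.I)

def defang(text):
    """Rewrite URLs so mail clients no longer auto-link them."""
    def repl(m):
        scheme = "hxxps" if m.group(1).lower() == "https" else "hxxp"
        return f"{scheme}://{m.group(2).replace('.', '[.]')}{m.group(3)}"
    return URL_RE.sub(repl, text)

class _LinkStripper(HTMLParser):
    """Flatten HTML to text, keeping each link's real target beside its label."""
    def __init__(self):
        super().__init__()
        self.out, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href")
    def handle_endtag(self, tag):
        if tag == "a" and self.href:
            self.out.append(f" [link target: {self.href}]")
            self.href = None
    def handle_data(self, data):
        self.out.append(data)

def shareable_copy(raw_email):
    """Return a plain-text copy of a reported email with no clickable links."""
    msg = message_from_string(raw_email, policy=policy.default)
    lines = [f"{h}: {msg[h]}" for h in ("From", "Reply-To", "Subject") if msg[h]]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            lines.append(part.get_content())
        elif ctype == "text/html":
            p = _LinkStripper()
            p.feed(part.get_content())
            lines.append("".join(p.out))
    return defang("\n".join(lines))

# Constructed sample of a reported message (example.test is a reserved test domain).
SAMPLE = """From: "Account Team" <support@example.test>
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Act now: <a href="http://login.example.test/verify?id=1">https://mail.example.test</a></p>
"""
```

Calling `shareable_copy(SAMPLE)` returns text in which the displayed address and the real link target appear side by side, which also shows staff how the two can differ.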
Test the Team’s Knowledge
If you have an IT department and the resources to put together fake phishing attempts, then it can be helpful to send a few out periodically to your team and test their savviness. Make sure the emails look legitimate and then track who clicks on the links. This can be a good way to gauge your team’s understanding of phishing attempts and flag who might benefit from some additional training on the topic.