You’ve got a phishing email! Understanding Employee Security Awareness

Cyber Profiteering


Every day we hear about companies or individuals being attacked through the very technologies they depend upon to operate their businesses or perform their personal online transactions. The techniques used by the ‘bad guys’ are sophisticated, organized, and very profitable and the risk of being caught or prosecuted is very small. Profiteering off the backs of our businesses and ourselves and families is now a growth industry.

As businesses have invested in security technology to make it harder to break into their computer systems, the ‘bad guys’ have begun to exploit new ways to accomplish their objectives. Many of these methods take advantage of the trusting nature and lack of most individual’s familiarity with security awareness to create new pathways to achieve their nefarious goals. A good analogy might be that businesses have installed good locks and bars on all the windows and doors, but that doesn’t prevent people inside the building from answering a knock on the door from an unknown entity and inviting them inside.

Employee Vulnerabilities

In IBM’s 2106 Cyber Security Intelligence Report 60% of all attacks, successful intrusions (hacks) into businesses that result in bad outcomes, were carried out by insiders. Insiders could be those with malicious intent or inadvertently taking an action that invites the intruder inside. The result may be stolen funds, release of private information, identity theft, or holding entire businesses or individuals hostage for ransom.

There are actions each of us can take to reduce the chances of accidentally ‘inviting’ the bad guys into our work or personal lives. We can learn about specific techniques being used, and be on the lookout for them in the wild. This would work if only the scammers would sit still, and use the same techniques over and over again. The scammer world however, is one of rapid evolution, instant communications and strong competition for the spoils. They don’t sit still for long, and constantly come up with new and ingenious ways to encourage us to open the door and usher them in.

In addition to learning about many of the specific tricks the bad guys use, each of us can benefit from learning how to sense when thing aren’t quite right, when some contact we receive just might not be what it seems. The easy ones to identify are the million dollar Nigerian bank accounts emails… or phone calls. New and more sophisticated threats might seem to come from our family members, our co-workers, or our trusted institutions like banks, online retailers, or charities. We all need to permanently raise our awareness, develop our ‘spider senses’ and understand when and how to check up on contacts that just may not seem to be quite… legitimate.

Ongoing Security Awareness Training Program

The solution for many organizations is to run an ongoing Security Awareness Program. The program’s goal is to provide specific information and challenges in the short term, but over an extended period of time, to raise their employees awareness and ability to detect potential fraudulent communications and activities on our own.

Summit’s Security Awareness Program

Large companies have required security training of their employees for a number of years. Today, Summit is offering affordable ongoing Security Awareness Program for small to mid-size organizations. Employees will use a variety of activities to expose, teach, test, measure and keep them apprised of current events and scamming techniques. Over time, they will gain a better understanding of the types of unfortunate security intrusions that now push into our lives causing worries and stress. With a higher level of security awareness, employees can more confidently embrace the benefits offered by online technology, and more responsibly protect our work and personal interactions at the same time.

Learn more about Summit’s Security Awareness Training Program.

Share:

Facebook
Twitter
LinkedIn
On Key

Related Posts

Takeaways from the CMMC Rule Publication

The Department of Defense’s CMMC program has taken a giant step ahead with the publication of the CMMC Proposed Rule on December 26th in the Federal Register . This begins