A Better Routine to Prevent Phishing Attacks

Have you ever wondered (quietly or aloud), “How do I prevent those most susceptible to phishing attacks from falling into the trap?” Well, as we see time and time again, phishing attacks are getting more sophisticated, and thousands fall for them every day. So what if there was a better way? A new way. A way to keep the key professionals in a business from opening that attachment or clicking that link.

Phish yourself

One way in the enterprise is to use a company like PhishMe or KnowBe4, which facilitates phishing your own company employees to ensure they know what to spot in a good vs. bad email. These companies also offer training videos, which help companies meet regulatory compliance for mandatory security training of their employees.

Security Info Letter

Propose a new program to test with your target audience. In this case, let’s pick a humble HR person who is undoubtedly bombarded with emails each day. Ask them to become part of your experiment to fix any security issues that could originate from them while they are just trying to do their job, with no extra work on their part. (The “no extra work” should be emphasized to get a little buy-in.) Once you get the nod, you as the security person will definitely have to do the work, but luckily it should be very repeatable for the rest of your colleagues.

Step 1) Start your week by capturing all the latest security and attack trends. Perhaps you get updates from a Google News subscription to the topic of ‘cybersecurity’ or ‘data breaches’.

Step 2) Summarize a few headlines, reference the sources in a brief email, and post the summary on a company intranet like SharePoint if you have one.

Step 3) Email the summary news to the HR person, along with a few select others, and ask them to start their day with a brief read of the latest attacks and share it with whomever they think might need the news.

Step 4) Expand the circle of knowledge and influence by monitoring the most susceptible or talkative targets in your company. Use tickets, SIEMs, and technology that points to the weak links in the business, and let them know you will help.

As you find those who care more about security, or the chattier types who will spread your message, create a distribution group that employees can sign up for to receive your latest news and advice instead of hunting the information out themselves. Package it and deliver it, and if the message is brief and relevant, you’ll grow a base of awareness and care among key persons within the business.
