Phishing is one of the main cybersecurity risks an organization can face. Regardless of size or location, every business is at risk, because hackers do not go after one specific kind of target. Phishing is the fraudulent practice of sending emails that pretend to be from reputable companies to trick individuals into revealing personal information, such as passwords and credit card numbers. Although there have been widely publicized stories about company information being compromised, many businesses still don’t have a cybersecurity plan in place.
Cybersecurity starts with educating your end-users. Do your employees know not to click on links that people send them unless they’re sure the links come from trusted sources? To help with end-user education, Office 365 comes with a cool feature that allows you to send fake phishing emails to your employees/end-users to test whether they’d click on a malicious link or engage in other unsafe behavior. These emails can be fully customized, and you get a report on the end-users who failed the test.
Here are steps you can take to make cybersecurity a top priority:
Implement a cybersecurity policy and procedure document.
It doesn’t matter if you’re a one-person organization or a 100,000-person one; you need to detail your action items long before a threat is identified. This document should contain a section that details the action items to follow in case your end-users encounter perceived or real compromises.
Build your cybersecurity strategy around educating your end-users.
We rarely see hackers jumping past a company's firewalls to compromise its network, because it is too time-consuming and expensive. In a hacker's mind, it is far easier to send a phishing email to employees and let them do all the hard work (like clicking on a malicious link). It's likely every one of your employees has an email address, access to the internet, and the ability to fall victim to a hack. Educating your employees is the easiest and cheapest way to prevent attacks.
Have tools in place to help prevent the potential for compromise.
Cybersecurity protection doesn’t just come from making sure your end-users don’t click on the link or visit a site they shouldn’t. We’re human after all, and as humans, we make mistakes. In addition to preventive education, make sure you have additional tools in place such as Advanced Threat Protection. In the event your employees slip up, this keeps you protected.
Use a tool that creates a fake phishing email and see how many of your end-users open it.
One tool we suggest is the Office 365 testing tool. This can really help in determining which end-users in your organization could fall victim to phishing attacks and other malicious activities. This type of reporting becomes critical to understanding how effective your cybersecurity program is. If you see a lot of your end-users failing the test, perhaps you need to put more into their training.
Long term, some businesses deploy a cybersecurity awareness certification program as a part of their continuing education process. Look at your business and employees, assess the cybersecurity needs, create an action plan, and continue to educate your staff.
If you have any questions regarding cybersecurity or education tools, contact your AMT System Administrator today. Stay safe out there!