Your employees use email for many hours every day, and there’s a good chance they haven’t been trained to avoid or protect themselves from the harmful and malicious emails that inevitably find a way into their inboxes.
There are so many chances for things to go wrong. Just a single click could open you up to a data breach, and the average cost of a breach for U.S. businesses in 2019 was $3.92 million. And according to a recent study by Verizon, malicious phishing emails were responsible for 32% of all data breaches.
You may be asking, and legitimately so, “Shouldn’t my security systems prevent these malicious emails?” Yes, those systems are absolutely crucial, but the reality is a bit more complex. For example, some scam emails try to direct you to a website that your system finds is “clean” but that is meant to fool the user.
Rather than trying to breach your computer systems, these scam emails try to “breach” your employees.
That is why teaching your staff to be aware of these pitfalls is crucial, along with having the necessary cyber security products in place. The human factor can often be the weak link in your security.
Don’t worry – there’s no need to take everyone back to college. A little awareness and education can go a long way in defending your business data. So we want to help you out with a handful of tips that will set your crew on the right path when watching out for harmful emails.
1. Set up cybersecurity training for the whole company
Creating a mandatory, company-wide cybersecurity training session can go a long way toward helping your business avoid data breaches. Again, the training does not have to be very in-depth. Establishing simple awareness and vigilance alone can net benefits. You can cover best practices, what employees should do when they notice something suspicious, and of course what common scams to watch out for.
2. Teach your employees how to look for common scam and phishing emails
Scammers tend to use actual company logos and legitimate layouts in their emails, so spotting red flags can be difficult if you don’t know what to look for. Luckily a lot of malicious emails can be discovered & avoided with a little knowledge about how they typically work.
Here are a few tips on identifying phishing & scam emails:
Poor spelling or formatting. You will find some of these emails will be in broken English, with one or two sentences, a hyperlink maybe. These ones are easy to avoid, thankfully.
No specific greeting. In most cases, a phishing email will try to act like a real company when addressing you. While real companies you’re working with will usually address you by your actual name (or screen name), scam emails may come across as more generic because they are sent to a wide net of people.
Wrong company. As stated before, phishing emails will attempt to disguise themselves as legitimate companies in their emails. Sometimes they will disguise themselves as a company or bank that you do not use.
Incorrect domain. Check the sender’s email address: does anything look off? It should match the company’s domain name. An imposter can use other letters or characters to appear authentic. Look closely, as scammers have found quite a few surprisingly crafty ways to hide their domain names in the past.
Attachments or unsolicited requests for info. If you’re not expecting an email attachment from someone, be extremely careful before clicking on one you receive from an unknown person. The same applies to requests for info. If someone claiming to be your boss asks for sensitive information, confirm with them in person that they sent that request.
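For the IT staff on your team, here is the “incorrect domain” check from the list above written as a small Python script. It is an added example, not a CSi Networks tool, and the trusted domains, function names and the near-miss threshold of 2 are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumption: the domains your company really corresponds with (constructed values).
TRUSTED = ("example-bank.com", "example.com")

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, reason) for the domain found in a From: header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parsable address"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # An exact match or a true subdomain of a trusted domain passes.
    if any(domain == g or domain.endswith("." + g) for g in trusted):
        return "ok", "matches a trusted domain"
    # Look-alike letters from other alphabets show up as non-ASCII or "xn--" labels.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return "suspicious", "non-ASCII or punycode characters in domain"
    for g in trusted:
        # The real name used as a prefix of somebody else's domain.
        if g in domain:
            return "suspicious", g + " embedded in another domain"
        # One or two swapped, added or missing characters.
        if edit_distance(domain, g) <= 2:
            return "suspicious", "near-miss of " + g
    return "unknown", "not on the trusted list"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Example Bank <alerts@example-bank.com>",
                   "Example Bank <alerts@examp1e-bank.com>",
                   "Example Bank <alerts@example-bank.com.login.example.net>"):
        print(header, "->", check_sender(header))
```

A check like this only looks at the address the email claims to come from, so treat it as one extra signal alongside your mail filtering rather than a replacement for it.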
If this is all sounding a bit over your head, don’t fret. We at CSi Networks actually offer team-based cyber security training. With our interactive portal we can send out scheduled mock attacks, choosing from hundreds of legitimate-looking emails from many of the most popular services and banks. You can decide which emails go to your team members and then you can track their progress through our portal, determining who needs additional training or praise. The portal also comes with hundreds of micro quizzes that teach your crew what to watch out for.
3. Show real life examples of damage caused by harmful emails
Sometimes it can be difficult to grasp the seriousness of how devastating phishing and scam emails can be for a company. Showing some real-world examples can help employees understand what they’re up against every day. Learning through the numbers of dollars lost, people affected, damage to the company and other facts can really set things in stone.
4. Ensure your antivirus and other security appliances are up to date
Mistakes can happen and when they do, you’ll want a safety net. In that event, you will want your security software and appliances at their strongest. It’s important your security is managed well so it is aware of the latest threats out there. Your IT provider should be handling that piece for you. If not, let us know and we’ll happily set up monitoring for you.
5. Make sure leadership is involved in your security training as well
One Achilles heel to watch out for when scheduling a company-wide cyber security training session is not involving the leadership as well. We get it, they’re busy and usually needed elsewhere, but it is absolutely critical that they do the training along with the other employees, because the leadership of a company is often targeted in attacks called “spear phishing” or “whaling attacks”. Management or leadership tends to be in possession of the most confidential and sensitive information that the company has, making them attractive targets to scammers and hackers.
As malicious email attacks become increasingly sophisticated, it’s important that your employees know what they’re up against. Through a little knowledge and understanding, employees will feel ready to protect themselves and the company from being exploited.
Learn more about how CSi Networks can train your staff to watch out for email attacks or how we can supply and monitor your cyber security systems.