Phishing can be Phun

Phishing can be Phun

9th July 2018 Security

As a business, you have a choice of two different ways to teach your staff about Phishing. One of them will be VERY expensive.

Phish

verb (used without object)

 1.  to try to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organisation, usually a financial institution, but contains a link to a fake website that replicates the real one.

verb (used with object)

 2. to make (someone) a victim in this way.

In this day and age, most of us know what phishing emails are and have seen them. Some of us may have even, (ahem), “known someone” who fell for one…

Like it or not, they exist and are here to stay. Online criminal activity is no longer the domain of the acne covered youth working from his mother’s back bedroom: these days, this is organised crime. The organisations in question are run like businesses with management structures, bonuses, the works, and all geographically outside the reach of the long arm of the law. Going forward, phishing is only going to become more elegant, more believable and altogether, more dangerous to businesses.

It makes no difference how sophisticated your mail filtering system is, it will not manage to catch all the phishing emails heading your way. If you think that your staff will be smart enough to work out what is real and what is not, think again. We are not talking about an obscure member of the Nigerian Royal family that wants to give you billions of dollars any more, we are talking about believable emails sent to your HR email address with an attachment called “D Smith CV.docx” and will infect your network with ransomware if opened, or even worse plant a trojan.

This is before we start looking at spear-phishing: this is where YOU are deliberately targeted and then presented with something tailored to you so that unless you really know what to look for, you’ll be reeled in, hook, line and sinker! Still think that your staff are up to spotting this sort of thing?

Your choice as a business is to wait for the day that someone falls for the inevitable phishing trap that’s coming your way sooner or later, or to do something about it now!

Assuming that your plan is to stay in business, the recommended solution is to train your staff with both simulated phishing attacks (that you have control of) and video content with tests. A recommended supplier of such training is Brigantia’s latest exciting and unique vendor: KnowBe4.

Using the KnowBe4 online platform is straight-forward: campaigns of phishing emails and video training are quick and easy to build and schedule. You can then see where your attentions are needed the most, which members of staff are most likely to open the wrong email or click the wrong link, so that you can focus your efforts where they are most needed.

Getting this kind of training is cheap. Falling for a phishing scam is not. Which would you prefer?

Call Brigantia on 020 3358 0090 or email partnersupport@brigantia.com to find out more.

About the author

Henry Chaw:

  Join our newsletter