Phishing Training For Employees

Blog / Phishing Training For Employees

The Importance of Phishing Training for Staff

While not everyone spends their weekends on the lake wrangling trout, we all understand the basics of fishing; stick a worm or other bait onto a fishing rod hook, toss it into the lake and wait until it lures your catch into taking a bite, then reel it in. Unsurprisingly, the cyberattack known as “phishing” uses essentially the same process during an attack. The attackers create emails, texts, or even social media posts, often disguised as legitimate correspondence from real businesses or organizations like the CRA, as the hook. Then they “bait” it with fraudulent, seemingly-urgent messages about your bank account security, or demands to pay an outstanding tax balance, and even threats of legal action. Then they toss it into the “lake,” in this case your staff email list, phone and identity lists from the dark web, and so on, hoping fear or even just confusion over unexpected charges will prompt the target to take action. Whether that’s clicking an email link and providing login credentials to a counterfeit site that can harvest the inputs, transferring assets, or opening a malicious attachment, once a target responds, additional messages urging them to follow through may show up as the attackers try to reel them in until finally the hacker either makes the catch and gets what they want, or the target wriggles free and clicks away.

Why is phishing training important?

Although phishing scams all basically boil down to tricking someone into doing something they shouldn’t, there are plenty of variations so it’s vital to ensure your defenses include technical controls like spam-filtering. As always, such defenses should also be properly configured and up-to-date. Perfection, however, remains impossibly elusive, so it’s also crucially important that staff have adequate training on how to spot and deal with phishing scams. In the event those controls fail, your employees become your last line of protection. That’s why it’s important they be trained on how to spot suspicious sending domains and to avoid clicking links from unknown sources, among other cybersecurity best practices.

However, there’s another good reason for investing in phishing training for your users, and that’s insurance compliance. Having some kind of cyberinsurance is increasingly common these days, and is flat-out required in some industries. More and more insurers require ongoing security training for employees, as do regulations like PCI-DSS and PIPA.

Regardless of whether phishing training for your personnel is legally required or not, it’s still a good idea. Compared to the potential costs of a successful attack, investing in phishing training is a small expense. If you’d like help planning a training program or maintaining technical controls properly, contact a TRINUS cybersecurity specialist to get yourself some stress-free IT.

This Shakespeare quote comes from Much Ado about Nothing; “Bait the hook well, the fish will bite.”

 

Be kind to one another, courtesy your friendly neighbourhood cyber-man.

/Partners /Systems /Certifications

TRINUS is proud to partner with industry leaders for both hardware and software who reflect our values of reliability, professionalism and client-focused service.