Posted by : Sivapriya Tuesday, 31 May 2016

1. Keep the network out of reach of criminals
According to the Verizon data breach investigation report published last month, phishing remains a major data breach weapon of choice. Trend Micro added that ransomware is expected to be one of the biggest threats in 2016 and that a single ransom demand will go much higher, reaching seven figures.
Remember, cyber criminals are lazy. If your organization is a tough nut to crack, they will move on to find more low-hanging fruit.

2. Launch phishing simulations
Running phishing simulations followed by ad hoc, gamified training is a proven tool to increase awareness and reduce risk. Repeat the process at least once every two months; changing behavior is a process, not a one-off event. Training is important, but continuous assessment is even better for setting the right mindset.

3. Use gamification as a training methodology
Let’s admit it, people hate training. They are sick and tired of videos and training wizards with boring slides and bullets. Meanwhile, for us, the security managers, it’s not really measurable. This is why interactive training or ‘gamification’ is much more engaging. Plus, people love to get high scores to collect awards, so why not? Create fun and interactive games to deliver your messages.

4. Definitely include your senior management
They are prime targets, especially for spear phishing and whaling. Make no exceptions. Publicly promote their participation; it sets a good example for the rest of the company.

5. Use real-life examples
It’s best to hit your employees with emails they might actually receive. Change difficulty levels and start from the ground up. Don’t expect people to understand advanced phishing examples from day one. Teach them step by step on both phishing scenarios and training modules.

6. Enforce training, and follow employee progress
To make it effective, employees must understand this is serious. They need to be reminded if they skipped the training. It’s your job to make sure they like it; it’s all about the messaging. They need to understand that they have a critical role in protecting the company and its assets.

7. Encourage ongoing phishing reports
Make sure each and every employee knows how to report suspicious emails back to the security team. Many people tend to believe that the on-premises technology will automatically stop all malicious emails and attachments for them. Make sure they understand that they are an active line of defense.

8. Ever vigilant
Phishing is the No. 1 vehicle used by cyber criminals to deliver malicious software to your organization. The level of sophistication is increasing dramatically, so traditional defenses are lagging behind. Make sure people are aware of the risk and well trained to spot and report it as it happens.
