Imagine yourself as an employee having your morning cup of coffee while checking your inbox. Suddenly, an email from your CEO pops up asking you to urgently confirm your attendance at a meeting using your Google account details. Without much thinking, you do what you were asked. The next morning, you receive a message from management saying you have been caught by your own company’s phishing experiment.
According to Wombat’s 2018 State of the Phish survey, 76% of organizations say they experienced phishing attacks in 2017. Daniel Markuson, a digital privacy expert at NordVPN, confirms that no company is immune to these attacks. According to him, employees remain the weakest security link.
Phishing test: how and why?
Phishing attacks allow criminals to disrupt systems or gain access to confidential information. One successful phishing email can cost businesses thousands of dollars and a good amount of time. To cope with this problem, many security-conscious companies conduct “phishing tests” on their employees. These tests aim to increase the resistance of their staff members to a potential email phishing attack. Participants are not told about the simulation in advance, so that any mistakes they make are caught.
The company’s IT department creates a fake phishing email and sends it to the employees. The message claims to be from a legitimate company and aims to elicit fear, curiosity, or a sense of urgency from the participants. After the test, the company records which employees clicked on the link in the email, opened the attachment, or entered passwords on a fake website. This shows which staff members need additional security awareness training.
However, according to Daniel Markuson, we should also consider the negative sides of these tests. “It is not possible to completely avoid human error. Moreover, employees may delete a legitimate email or miss important deadlines because they can’t decide whether to open the email. A negative test result may also put too much psychological pressure on the ones who failed. It may discourage them from reporting when they have clicked on a real phishing email,” says NordVPN’s digital privacy expert.
How to keep your business safe from email phishing attacks
Whether or not you decide to conduct a phishing test, Daniel Markuson, digital privacy expert at NordVPN, advises you to educate your employees continuously. They need to know the importance of verifying the security of the site, not clicking suspicious links, and never giving out their personal information. You should remind them to constantly check their online accounts, update their passwords, and keep their browsers up to date.
For advanced security at the workplace, you should consider installing such tools as:
An anti-phishing toolbar. Such toolbars run quick checks on the websites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious website, the toolbar will alert you about it.
Firewalls. A properly configured firewall adds a layer of security that can protect you from certain digital threats. Moreover, some firewalls come with URL filtering options, preventing you from visiting a possibly malicious website.
Ad blocker. Some pop-up windows that masquerade as legitimate components of a website are in fact phishing attempts. Many popular browsers allow you to block pop-ups, so don’t forget to use this option while browsing.
Antivirus software. Anti-spyware and firewall settings are another effective way to avoid phishing attacks. Antivirus software scans every file that comes through the internet to your computer and helps to prevent damage to your system. Just don’t forget to update the programs regularly.
VPN. A virtual private network, like NordVPN, encrypts your internet traffic and protects your online identity, so you can enjoy the highest level of safety while browsing. Once activated, its CyberSec feature will automatically block phishing sites, preventing you from visiting them.
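The list comparison that an anti-phishing toolbar or URL filter performs, shown as an added example that is not part of the original article or any vendor's code. The function names and the hostnames in the list are constructed for illustration.

```javascript
// Constructed sample list of known phishing hosts (not real indicators).
const KNOWN_PHISHING_HOSTS = new Set([
  "login-google.example",
  "secure-payroll.test",
]);

// Return the hostname the browser would actually connect to, normalized,
// or null if the input is not an http(s) URL.
function effectiveHost(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not parseable as a URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // URL parsing separates any "user@" prefix from the host, so
  // https://accounts.google.com@login-google.example/ yields
  // login-google.example, not accounts.google.com.
  return url.hostname.replace(/\.$/, "").toLowerCase();
}

// A URL matches if its host, or any parent domain of it, is on the list.
// Matching whole labels avoids substring false positives.
function isKnownPhishing(rawUrl, blocklist = KNOWN_PHISHING_HOSTS) {
  const host = effectiveHost(rawUrl);
  if (host === null) return false;
  const labels = host.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}
```

A list check of this kind only catches sites that are already listed, which is why the article pairs such tools with continuous employee education.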
NordVPN is the world’s most advanced VPN service provider that is more security oriented than most VPN services. It offers double VPN encryption, ad blocking & Onion Over VPN. The product is very easy to use, offers one of the best prices on the market, has over 5,000 servers worldwide and is P2P friendly. Find out more on nordvpn.com.