Phishing attacks grow more sophisticated with each passing year. As technology advances, so does the opportunity for threats – such as with machine learning or deep fakes. And with increases in working from home, it’s no surprise that threats would increase. The only way to combat phishing and other attacks in the inbox is to strengthen your frontline defense: your end-users.
Cybercriminals often look for back door entryways
Bad actors have found ways to bypass a seemingly sound technological defense when it comes to filtering phishing attacks. Business Email Compromise is a good example of this.
There are typically no malicious links or attachments that can easily be discovered by anti-phishing technology. It’s an attack that is just a conversation with the employee that unfortunately can have very significant financial impacts on an organization through re-directed payments to cybercriminals. And besides this type of attack, if a phish can make it through the technical defense, it only takes one click to make an organization vulnerable to a breach. Thus, an end-user must be able to recognize and respond appropriately to suspicious emails regardless of whether a technical security solution is in place.
To improve training, go beyond compliance
Traditional approaches to security awareness training are very much a compliance approach. Organizations need to do the training, so they plan for one annual presentation or course in a year to check off a box and expect their employees to remember and employ all these cybersecurity best practices throughout the year to protect the organization.
But the reality is that people forget what they learn very quickly. The only way to combat this issue is to reinforce the information learned throughout the year. This can be through further formal learning, such as courses and videos, or practice exercises, such as phishing simulations.
Adapt your training content to suit a variety of learning styles
Routinely running phishing simulations on your employees helps prepare them to be your first line of defense and is a key part of any effective security awareness program and helps supplement lessons learned in the course. Leveraging a tool like PhishProof can help provide this type of holistic approach to security awareness training.
Additionally, environmental reinforcements like posters in the breakroom, digital signage in the hallways, newsletters, or screensavers, are all supplemental pieces that help remind employees of cybersecurity best practices.
Ultimately, the best defense against any cyberattack is a well-trained, educated end user. Taking a layered approach to email security by leveraging Inspired eLearning’s user awareness training and pairing it with GreatHorn’s advanced threat protection and dmarcian’s DMARC platform, you can start to achieve high levels of security across your largest attack vector – email.
Want to learn more? Watch our on-demand webinar: Developing an Offensive and Defensive Email Security Strategy