Employee-friendly Content Blog

One Phish, Two Phish, Oops Phish…

One Phish, Two Phish, Oops Phish…

Cyber-security is getting tougher every day. Hackers are smarter. Technology is advancing faster. And the losses businesses experience as a result of cyber-crime are astronomical. A quick Google search shows that the cost of cyber-attacks in 2015 was estimated at $400 billion, and ransomware alone cost businesses $209 million in just the first 3 months of 2016. That’s bananas.

Luckily, the good-guy tech is getting better too, but the number one security risk for businesses isn’t their technology—it’s their end users.

So how do you protect your business if the biggest issue is human error? WorkSmart now has a Security Awareness Training and Phishing platform to:

  1. Test your risk level
  2. Educate your staff
  3. Measure if it’s working on an ongoing basis

And it starts with a phishing test.

But wait, what is phishing? Phishing is a hacker’s attempt to impersonate a trusted entity (like a co-worker, friend, or vendor) via email in order to obtain information that will give the hacker access to something valuable— like a password or a bank account number.

The first step in our Security Awareness Training and Phishing platform is to test your risk level by sending out a simulated phishing email. It looks just like what a hacker may send. It comes from what looks like a trusted source and requests an action to be taken (like clicking a link). We know firsthand the value of this test, because WorkSmart puts programs to work for us before making it available for our clients. Our staff was served the Phishing test, and quite a few of us fell for the trick and clicked the link. The test was tough—the email looked like it came directly from our COO’s account. Here’s what popped up in my inbox:

Phishing email sample

As someone who (yep) fell for it and clicked the link, I can say that this testing and training is pretty important—even within a tech company. Hackers keep improving their techniques and sophistication, so we have to keep testing and learning to keep up our defenses. While my co-workers are super tech savvy, my expertise lies elsewhere in marketing, not cyber security (yet). The idea that I could have allowed a hacker to do real damage to WorkSmart is a little nauseating.

Now that knew our risk level, we moved on to educating our staff.  We were all required to take the same Security Training that we’re offering to you—whether we clicked that malicious link or not. It’s an interactive blend of talk training by “The World’s Most Famous Hacker,” visual examples, and mini quizzes. It covered exactly how to tell if something is a threat, including phishing, ransomware, and wifi access points. I learned a lot from our security awareness training that I’m applying in and out of the office.

We are now sending out regular random tests so we can measure if it’s working on an on-going basis, and you’d better believe that I haven’t clicked on any of these subsequent tests (take that hackers!). In fact, I think we all learned a thing or two. Our phishing-prone click rate dropped significantly after the first round of testing and training and improved by 84%.

Would you like to learn more about adding this feature to your account? Talk to your Account Manager today, or click the link below to fill out a contact form and a Senior Business Adviser will reach out to you shortly.

Contact us about security solutions