Chris Harragan
Security Analyst at i-confidential
We’ve all seen a phishing email.
And we all know someone who’s clicked on one when they should’ve reported it.
What about the second or third phishing email you receive in a day? Are you still taking the time to report them?
Only 3% of employees report phishing emails, and we suspect few, if any, have reported all the phishing emails they have ever received. It doesn’t matter how aware we are – at some point our fallible human nature just kicks in. So we all need that little reminder to report them.
Companies used to advise staff to delete phishing emails and move on. Just avoid the problem. This works well on an individual basis, but to protect the whole organisation you need a collective approach. If one person reports the issue, it reduces the risk to everyone else.
It only takes a single opened email to cause a breach in security. Don’t presume your report is a drop in the ocean. If everyone had that mindset, no one would report anything, and that would make the phishing campaigns so much worse.
No matter the software or hardware in place, the human element is always the weakest point in cyber security. There are, of course, solutions in place to reduce the number of phishing attempts an employee will receive. The best way to reduce the risk, however, is training employees on what to do when they receive a suspicious email.
Ensure you have a designated mailbox to forward phishing emails on to. Run phishing campaigns to test your employees and offer support, not only for employees who click on the links, but for those who fail to report the emails as well.
The most important thing is not to get complacent. Don’t assume someone else has reported that dodgy email. A couple of minutes to take the extra steps required can help the entire organisation.