Hackers and scammers have learned over the years that the best way to get your employees’ attention is through a cleverly disguised email with a malware-infested link — sometimes asking for ransom. Regardless, it’s often employees who click these links and trigger a security issue without even knowing it.
It’s hard to hold the employees completely responsible because these emails often look genuine. They often include a company logo, and appear to be from someone they know inside the organization. These and other cues could suggest the email is the real thing. However, there are usually some clues that these emails are fake, if you know where to look.
Large organizations have the means to create training materials that help employees recognize when a phishing email arrives in their inbox, but even smaller companies can conduct workshops or purchase training materials to make their employees more savvy about how to look for fakes.
The data tells a story
A recent survey conducted by Barracuda Networks of 660 executives, individual contributors, and team managers working in a variety of IT-security jobs across a broad geographic area including the Americas, EMEA and APAC, found that employees do in fact report suspicious emails on a daily basis.
The report revealed that 94 percent of respondents have employees who report emails they believe could be phishing emails every day. However, over half of those emails (58 percent) turn out to be safe. Still, it’s probably better to err on the side of safety, rather than click a bad link that could compromise the organization.
Once a compromise happens, it can be expensive. Two-thirds of respondents reported that attacks had a direct cost related to them, and almost a quarter say that an email-related breach could cost their company $100,000 or more. When you look at it that way, better to have a ‘false alarm’ employee report than none at all.
As the report points out, email threats aren’t going away, mainly because they are so effective. It costs virtually nothing to send out tens of thousands of emails to keep searching for that hole in the armor, and then the bad actors are able to get in. The report concludes, “Reducing opportunities for cybercriminals, including improving email security that goes beyond the traditional gateway, helps every organization protect its data, bottom line, and reputation in the marketplace.”