Cyber Risk Aware Blog

Will Your Employees Take the Bait?

26-May-2017 09:13:29 / by Stephen Burke

Do your employees know enough about phishing? Can they explain what spear phishing is? Do you have a policy in place to help prevent CEO fraud?

If the answer to any of these questions is ‘no’, then you are not alone. Employees remain the weakest link in the battle against cybercrime and are criminals' number one target.

Although most users now know not to click on links in emails from addresses that they don't recognize, many are still willing to take the identity of a sender at face value.

If an email appears to be from a colleague, particularly if it appears to come from someone higher up the food chain, then most employees will click links, download files or take action on the basis of the content.

Social Media Scams

The same holds true for social media. Despite high-profile scams in which fraudsters copy profile pictures and create a duplicate identity to interact with a person's friends list, many users still don't perform even basic checks to confirm the identity of the person they are speaking to.

Risky Behaviours

What this implies is that, although your employees might be aware of the problems, they may still engage in risky behaviours. Fraudsters put a great deal of effort into their scams: they research a firm so that they know the names of staff, and they use industry language, all of which gives the target the impression of speaking to another member of staff.

So, how do you change employee behaviour without making your workforce paranoid and without tying up every decision in layers of security?

Security Awareness Training

The answer is that, in addition to investing in firewalls and other cyber security essentials, you need to continue to educate your staff about how fraudsters may approach them, so that they are not prone to a phishing attack. Keeping a checklist of what to look out for in emails from new senders, as well as a policy for reporting possible cyber security incidents and a procedure for dealing with them, will mean that word can spread as quickly as possible.

A Comprehensive Cyber Security Program

If you're not certain how your employees would respond to a phishing attack, it’s best to find out now. Watch an on-demand demo of the Cyber Risk Aware platform to learn more about the services we offer to evaluate employee actions and give them feedback and education, creating a human firewall for your business.

Topics: CEO Fraud, Phishing, Spear Phishing, security awareness training
