If the answer to any of these questions is ‘no’, then you are not alone. Employees remain the weakest link in the battle against cybercrime and are criminals number one target.
Although most users now know not to click on links in emails from addresses that they don't recognize, many are still willing to take the identity of a sender at face value.
If an email appears to be from a colleague, particularly if it appears to come from someone higher up the food chain, then most employees will click links, download files or take action on the basis of the content.
Social Media Scams
The same holds true for social media, despite high-profile scams taking place where fraudsters copy profile pictures and create a duplicate identity to interact with a person's friends list, many users still don't perform even basic checks to confirm the identity of the person they are speaking to.
What this implies is that, although your employees might be aware of the problems, they may still engage in risky behaviours. Fraudsters put a great deal of effort into their scams; they will research a firm so they are aware of the names of staff and use industry language which all give the impression that the target is speaking to another member of staff.
So, how do you change employee behaviour without making your workforce paranoid and without tying every decision up with so much security?
Security Awareness Training
The answer is that, in addition to investing in firewalls and other cyber security essentials, you need to continue to educate your staff about how fraudsters may approach them to ensure they are not prone to a phishing attack. Keeping a checklist of what to look out for in emails from new senders, as well as a policy for reporting possible cyber security incidents and a procedure for dealing with them will mean that word can spread as quickly as possible.
A Comprehensive Cyber Security Program
If you're not certain how your employees would respond to a phishing attack, it’s best to find out now. Watch an on-demand demo of the Cyber Risk Aware platform to learn more about the services we offer to evaluate employee actions and give them feedback and education, creating a human firewall for your business.