The weakest link
Your security is state of the art. That's great. But it is only as good as the weakest link, and the end users are the weakest link.
Which one will rise to the bait?
Phishers are becoming more and more inventive. Do you know how well your colleagues can handle personalised attacks? Or how quickly someone is prepared to open a risky e-mail attachment?
Knowledge is power
When you know who is susceptible to personalised attacks, you can inform them and make them more aware of the risks. And test them again afterwards...
At least 16% are susceptible to phishing. Do you know what this number is in your organisation?
The number is guaranteed to be lower after extensive security awareness training.
The end user remains the weakest link in the network. And this means you and your colleagues remain susceptible to cryptolockers, fraud or data theft. Our phishing software offers protection.
We bring you and your colleagues up to speed by providing training in recognising the most diverse forms of phishing attacks and fraud. They will also get a sense of the enormous risk.
Everyone is then put to the test at an unguarded moment: simulated phishing messages, drawn up by you or by us, are sent to your colleagues. This method ensures that the trainees apply this knowledge in their everyday activities.
Numbers do not lie. View who clicked where, or who released sensitive information. Colleagues who are still not up to speed can be trained again.
Your organisation can only evolve into a safe environment through the regular testing of people and repeatedly addressing the risks of phishing.
When you move your mouse over a link in an e-mail, you will see the URL to which it actually leads. A link labelled Fortis.be may, for example, turn out to point to fortis.bank.ru. This is an easy way to quickly recognise when you are being redirected to an unofficial site.
Do you doubt the authenticity of the sender? In Outlook, you can open an e-mail and view its properties under “File”. The e-mail headers contain technical information, and a lot can be discovered about the legitimacy of the e-mail from this.
3. Spam filter
A lot of non-personalised phishing is sent in bulk and quickly ends up on the blacklists used by well-known anti-spam filters. It may be an obvious prerequisite, but a professional anti-spam filter is a must.
Use unique passwords and change them regularly. You really do not want to be responsible for phishing e-mails that are sent from your account to your network because you use the same password on, for example, Steam or iTunes.
Has your manager e-mailed you and asked you to carry out a large transfer “urgently and discreetly”? You should first call him or her about it. Or what if your supplier sends an invoice with a “change of account number” by e-mail or post? Again, one phone call can prevent a lot of damage.
Has your IT department suddenly asked you to “re-register” or “verify data” on a page? Or have you received an unusual HR question about your remuneration containing a zipped attachment? The chances are that it is misleading. It can never hurt to verify whether it is genuine by telephone.
7. By telephone
NEVER complete a registration procedure by telephone, and never release personal data over the telephone unless you know and fully trust the person on the other end of the line. With the right background information, scammers can convince even the least gullible people.
Social engineering and spear phishing mean that as much personal information as possible is gathered about you so you can be targeted. So pay attention to your public profiles on Facebook, LinkedIn, Twitter, etc. If your license plate, garage and vehicle type are known, for example, false maintenance invoices can be sent to your accounting department.
If an unknown sender has sent you a PDF, XLSX, DOCX, EXE, ZIP or similar file, you always run the risk of picking up a cryptolocker or other malware. We solve this by using sandboxing, in which your e-mail is fully scrutinised in a virtual environment and all the links are checked.
10. 2 Factor Authentication
More and more platforms offer the option to log on using your password + a unique code generated on your smartphone. Even if scammers have your username and password, they remain powerless because they do not have your smartphone.