
Are You Sabotaging Your Employee Phishing Training by Doing This?

February 2, 2022 by Kyle Kenyon

Imagine this scenario: you’re a managing director of a small business. One day, you receive an email from one of your suppliers stating that it is time to renew your annual subscription. 

The email states that this is the last day you can renew before your company’s access to the service is prohibited. You think to yourself that you must have missed the other emails, which isn’t surprising as it’s been a busy month.

Unfortunately, you are about to head into an important meeting. So, you forward the email to a couple of junior members on the team who are familiar with the service and ask them to take care of it. 

Without you realizing it, you’ve just forwarded a phishing email to your staff. Your junior employees are keen to impress, so they immediately stop their current tasks, jump on your email, and proceed to share sensitive data with the email address in question.

Within minutes, your company has lost thousands of dollars to cybercriminals, and it will take weeks to recover. 

Why you shouldn’t forward emails to your employees without due diligence

The scenario above isn’t just hypothetical. It has happened to countless organizations over the last few years. In 2020, 75% of companies across the globe faced phishing attacks, and 74% of those in the US were successful. 

To defend against phishing attacks, many organizations deploy employee phishing training modules, which equip employees with the knowledge they need to spot phishing emails.

However, this training will most likely go out the window if an employee receives a phishing email forwarded to them by their boss. Even the most tech-savvy junior staffer is unlikely to question a request from a senior member of their team. 

How to conduct employee phishing training that works 

Employee phishing training is a great way to reduce the likelihood of your people falling victim to phishing scams. However, for phishing training to be practical, you need to ensure that every employee is playing their part – from your newest employees to your co-founders. 

You see, every single person in your organization is vulnerable to phishing. A scam email could land in any one of your inboxes. You need to be sure that your senior and junior employees can spot these emails and take the right course of action. 

In fact, managers and business leaders are often more of a target for phishing than junior employees. This is because cyber attackers realize that senior businesspeople tend to have more authority and access privileges than junior team members. 

Here are a few things to bear in mind to ensure that you aren’t undermining your employee phishing training efforts: 

Conduct regular, bite-sized training for all employees 

Annual IT security days aren’t enough to keep phishing awareness front of mind. We recommend altering your training program to deliver ‘micro learning’. These are bite-sized training sessions between 5 and 10 minutes, which can easily fit into the working day. 

Create a security-aware culture

Enhance phishing awareness in your company by incorporating security updates into your weekly team meetings and/or newsletters. This will highlight the importance of security awareness to your employees as well as encourage senior members of staff to lead by example. 

Be specific about your forwarding preferences 

There will always be times when an urgent request comes in, and you don’t have time to deal with it. At that point, we recommend you forward any suspicious or urgent emails to your IT administrator or outsourced IT team. You should make this a rule amongst your senior staff. 

Your IT provider will have the experience and expertise to differentiate a legitimate email request from a fraudulent one and critically assess such an email. This also takes the pressure off junior members of the team, who are more likely to be eager to please and less likely to be suspicious of a forwarded request. 

Deploy the right anti-phishing solutions

In an ideal world, no phishing emails would land in your company inboxes in the first place. While the odd phishing email will always slip through, there are solutions you can deploy that will drastically reduce the number of phishing attacks you receive.

Reduce the Number of Phishing Emails Your Staff Receives 

How secure is your network against the newest forms of phishing? Pro Tech Guy can help your Framingham or Natick company with a cybersecurity audit to identify and address any weaknesses.

Contact us today to learn more. Call 508-364-8189 or reach us online.
