Security Awareness Training
Help minimize the largest security risk – you.
It’s our own fault. Many of the I.T. breaches you hear about are caused by us. We clicked the wrong thing in the wrong email. We wired money from our business checking account to a thief because our CFO told us to…or so we thought! Of course, it turns out that the CFO didn’t tell us to, a “bad guy” did. This brings to light the importance of employee email training, which is designed to minimize these types of breaches.
Hackers don’t need to hack computers anymore. They just need to hack people.
But why is it so easy to deceive users?
First, the obvious: Hackers are clever. When you get paid to deceive people, you get good at deceiving people!
Second, everyone is really busy. Because of this, we don’t always give our full attention to everything we do. We can’t – it would be impossible. Like the seven emails you got while reading this page? You’ll probably scan them, pull out what you deem important, and disregard the rest. You have to or you wouldn’t be able to get anything done! Hackers and other bad guys are counting on this!
As long as we’re giving our technology only a portion of our attention, the bad guys will always have an advantage that I.T. and security pros can never compete with.
So, hackers are counting on the fact that if they create an email that mimics the look and feel of your credit card company’s website, you’ll click on it and enter your password without thinking. After you do, they’ve recorded your password… the same password you probably use on 40 different websites.
To protect our networks from these attacks, we brag about firewalls, patches, antivirus, antimalware, monitoring, content filtering, group policy, and a host of other security measures. All of these are necessary and serve a purpose. However, the problem remains and we are still being hacked and stolen from regularly.
It’s time we stop making it easy for the bad guys.
Let’s not invite trouble! Do not welcome hackers into your corporate and personal life. Let’s take responsibility for training our end-users and understanding the technology that we take for granted. If we were better about assuming that all attachments, links, emails, and software were malicious until proven otherwise, we’d be more secure. No one would wire money to a fraudulent bank account if they physically went to see or called the intended recipient to confirm that the request was real.
Security Awareness Training is essential.
DAS Service’s Security Team uses tools that help us understand what types of fraudulent emails are deceiving your employees – and who those vulnerable employees are.
One of our favorite strategies involves identifying and correcting the “urge to click.” In short, we attempt to trick end-users into clicking things they shouldn’t. We use the same methods that the hackers use. However, the tools we use don’t have malicious outcomes. We attempt to deceive the end-user and then notify them that the link that looked like a Facebook login was actually a rogue link that could have been used to install ransomware.
The goal is to identify and train the most susceptible end-users to look at emails a little more cautiously and recognize what a threat might look like.
And let’s be clear: We are not claiming that we can eradicate malware by reading our email more thoroughly. Nor are we expecting everyone to be a security expert. However, we are claiming that by changing the way we react to and deal with email (and other technologies), we can turn the tables on the bad guys. Above all, we can take the advantage away from them.
Talk to us about training your employees to recognize and mitigate email threats.