75 percent of enterprise employees may click on phishing links
Friday, April 8th 2011 @ 7:31 AM
The article in the link below from Threatpost.com contains a great interview with an email phishing expert, which all managers should read. In tests run on some organizations, typically 75% of employees fall for phishing links. The Threatpost article explains how attackers are preying on employees' potential sense of curiosity, fear and shame. For example, some phishing attacks include a fake Facebook email notice that claims the recipient has had a negative comment on one of their personal Facebook photos or posts, or that the recipient has been tagged in a photo. This is a sure way to prompt people's emotions to override their normal spam-filtering attitude. The way these messages are crafted tends to put people on the defensive, and they want to see what people have said, in hopes of taking action.
The article goes on to say that the best way to counter this is with an employee training campaign that clearly identifies the risks and the kind of sneaky methods the attackers are now using to get people to click on links to malicious websites. While malicious attachments are now harder to get into corporate networks due to more effective firewall filtering, it's much harder to block links to potentially dangerous websites. So, employee education is really the last line of defence in many cases, to prevent successful malware infections and identity theft.
Here's a link to the article (click HERE).
Blatant Plug for Streetwise Security Awareness Coaching and Training Services... (read on if you are concerned that phishing attacks could put systems and data at risk in your organization)
Don't forget, training employees on security awareness is what I do. Lately, I've developed a number of very cost-effective security training products to address these kinds of problems, including a self-service Computer-Based Training package. The Streetwise Security Awareness eLearning product is an easy-to-administer Intranet website (hosted by your organization, not on a third-party site) where you can direct employees to learn about the most common Internet and information security threats, together with my recommended Streetwise Security Basics best practices. Employees can see an introductory video - endorsed by, or even featuring your CEO - that explains the importance of the program. Staff can work through the 50+ screens of easy-to-navigate content at their own speed. The site can also include an embedded quiz that can allow employees to do private self-assessment (without recording results), or it can record quiz scores for compliance evidence, if necessary. The feedback I've received on this program's effectiveness has been very positive.
I've also received great feedback on my live Streetwise Security Awareness Webinar for the entire enterprise, in a very cost-effective arrangement using GotoMeeting or GotoWebinar. These web-based seminars typically last between 1 and 2 hours in duration, including a number of breaks to take questions and provide responses, with the organization's IT management on the line.
Of course, I can also provide live on-site training, which provides the most direct interaction between security coach and employee.
If your organization is looking for innovative, cost-effective security awareness tools or training, please call or email me at the coordinates below; or CLICK HERE to learn more about Streetwise Security Awareness solutions.
The Streetwise Security Coach
Join the Streetwise Security Zone at:
Twitter ID: http://www.twitter.com/streetsec
To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.