Stop phishing attacks through more effective training and positive company culture
Phishing attacks, where someone sends a fraudulent email, call or text in order to trick the recipient into giving up information, accounted for more than $10 billion in losses in the U.S. during 2023, according to data from the Federal Trade Commission. And these threats are on the rise: in the past six months, we’ve seen a 314% increase in malicious phishing links, QR code and attachment threats, and business email compromise. The prevalence of AI writing tools like ChatGPT allows scammers to produce a higher volume of emails that lack some of the trademark mistakes that often expose scam emails. They can also train AIs on successful phishing attempts to make campaigns that are harder to spot in the future.
For your business, you must rely on your employees to keep phishing attacks at bay and protect your information. These messages are always evolving and getting harder to spot, so it’s key to train your employees on how to deal with these attempted attacks. This is an ongoing battle, so make sure your employees are being taught and reminded of this information throughout their time at your company.
Introducing Phishing At the Initial Briefing
This is your first opportunity to cut these threats off before they happen. Your employees may have varying levels of familiarity with recognizing malicious correspondence. This is where you should give them as much information as you can on the tells that may tip them off that a message is not legitimate.
If someone at your company has fallen for a phishing attempt in the past, this could be a valuable teaching tool for onboarding. Show that someone made a mistake and talk about what was done to resolve it. This also gives new hires a look into what they might actually see in their inboxes instead of reviewing more general examples.
The initial security briefing is a great opportunity to start getting your security team, or whoever in your company oversees response to insider threats, in front of your employees. That relationship will play a large role in your insider threat prevention.
Building a Positive Relationship with the Security Team
While you can train your employees to recognize the signs of a phishing attempt, there will still likely be slip-ups. Here, you want to figure out what may have been compromised and how to mitigate damage. However, if your employees don’t feel safe coming forward, then you might not know until it’s too late. This is when it’s important for your staff to have a good relationship with whomever they’ll be reporting to.
There are a few different steps you can take to build this relationship. First, it’s important to impress on your personnel that there is room for them to make mistakes. If someone fears punishment for responding to a fraudulent email and doesn’t let security know, the consequences could be far worse. Make sure everyone knows from the start that they can admit when they’ve slipped up.
Employees need to see the security team outside of when someone’s in trouble. Your security team could host events that mix fun with information. They could even hold contests over email where employees win a prize for doing things like finding the warning signs of a potential phishing scam. Your company culture will ultimately play a role in how effective your team is at stopping these threats.
Updating Trainings For Better Engagement
This is a topic you’ll want to be sure you’re touching on regularly with your employees. When you’re having to repeat information at multiple trainings, it can get repetitive, so be sure to keep your trainings engaging long-term.
Phishing attacks are always adapting in an attempt to catch more people off-guard, so you can’t let your training become stagnant. Make sure you’re regularly updating what examples you use and what you tell people to watch out for. With the prevalence of AI technology, these attacks can evolve constantly, so security leaders have to keep up.
Prevention of these kinds of attacks starts at the top. Your employees are an important line of security, so you have to be sure to equip them with the knowledge they need to spot when fraudulent messages come through. The way you treat people when they make mistakes will also set the tone for whether people in the future will come forward.
For help in leading these efforts, Adamo can come alongside you for trainings with your team. With Adamo as your security partner, you can build a more effective security force in your company. Contact us today to learn more about how we can help you advance your security.
Originally published July 2021. Updated to reflect current phishing statistics and trends.