W^H? The Holmes Murphy Blog

  • Phishing – Don’t Take the Bait!

    It’s a bit sobering to hear (or read), but cyber threats are becoming more and more complex, and your organization’s proprietary information is at risk almost constantly. Even with the most sophisticated Information Technology (IT) experts and emerging security technologies, an enterprise cannot be and, frankly, is not ever fully secure.

    So, what can your organization do? Our advice — understand and prioritize a security-centric mindset at every level of the organization.

    This starts with a security awareness program that includes regular awareness training for everyone, from new employees to the highest level of leadership.

    Employees are your biggest asset, but they can also be your biggest cyber liability, especially in the ever-evolving cyber security space.

    Evolving Phishing Attacks

    While we could spend all day talking about the various cyber security risks and threats facing your organization, I want to key in on phishing.

    Phishing really is similar to the actual method of fishing. A scam email is sent in the hope that an unsuspecting recipient will click on the link (bait), setting the cyber attack in motion. The most common phishing attempt is a message stating there has been fraudulent activity on your account and prompting you to click the link to update your information in order to prevent further fraud.

    You’ve probably seen them. Hopefully you haven’t clicked the link. Many of these are easy to spot, but not all. That’s because cyber criminals are becoming increasingly “smart” with their methods of getting end users to click on a link or attachment in a message.

    For example: An employee might get what looks like a message from the Chief Financial Officer asking for help with a monetary issue. It’s the CFO, so of course the employee wants to help. But guess what… that email could very well be (and likely is) a phishing attempt.

    Options for Cyber Security Employee Training

    Because security is important to every industry, engaging your employees in consistent and relevant security training can help best protect your organization against this cyber threat.

    Through our TechAssure membership and their partnership with eRisk Hub and Symantec, our clients have access to a 6-part security & awareness training program with comprehension quizzes. Topics in this training program include:

    • Password security
    • Privacy
    • How hackers get in
    • Information on the internet
    • Working remotely
    • The human firewall

    A security awareness training program for IT professionals is also available. Additionally, as part of our TechAssure and eRisk Hub partnership, the following are also available:

    SkillBridge — Security awareness training modules through SkillBridge are available for both general employees and IT professionals. Plus, you can get access to security and privacy awareness best practices training. This includes hurdles to overcome within the training, pertinent content that should be included, metrics, and frequency.

    KnowBe4 and Cofense — Phishing resources are also available, including the most recent blogs from KnowBe4, a claims news feed from Cofense, phishing email samples and red flags, and, of course, solutions available through Symantec and Cofense.

    Learn More by Reaching Out

    If you’re interested in learning more on any of this, don’t hesitate to reach out! We have cyber experts on hand to help and can walk you through all of the resources available.

    Plus, to see the first three blogs in our Cyber Security 7-part series, click here. Don’t miss out on our next installment coming September 9 and subscribe to our blog, just to the right on this page.

    Published on: 08.26.21