Employee email training.
Help minimize the largest security risk: YOU.
It’s our fault. Me, you, the people to our left and right. Many of the I.T. breaches you hear about are caused by us. We clicked the wrong thing in the wrong email. We wired money from our business checking account to a thief because our CFO told us to. Or so we thought! Of course, turns out the CFO didn’t tell you to . . . a “bad guy” did. Employee email training is designed to minimize these types of breaches.
Hackers don’t need to hack computers anymore. They just need to hack people. Me and you.
But why is it so easy to deceive us?
First, the obvious: Hackers are clever. When you get paid to deceive people, you get good at deceiving people!
Second, we’re all really busy. And because we’re really busy, we don’t always give everything our full attention. We can’t. Like the 7 emails you got while reading this page. You’ll scan them, pull out what you deem important and disregard the rest. You have to! Hackers and other bad guys are counting on this!
As long as we’re giving our technology only a portion of our attention, the bad guys will always have an advantage that I.T. and security pros can never compete with.
So, hackers are counting on the fact that if they create an email that mimics the look and feel of your credit card company’s website, you’ll click on it and enter your password without thinking. And after you do, they’ve recorded your password . . . the same one you probably use on 40 different websites.
To protect our networks from these attacks, we brag about firewalls, patches, antivirus, antimalware, monitoring, content filtering, group policy and a host of other security measures. All are necessary and serve a purpose. But, the problem remains. In other words, we’re still being hacked and stolen from regularly.
It’s time we stop making it easy for the bad guys.
Let’s not invite trouble! Do not welcome hackers into your corporate and personal life! Let’s take responsibility for training our end-users and understanding the technology that we take for granted.
Certainly, if we were better about assuming ALL attachments, links, emails, and software were malicious until proven otherwise, we’d be more secure. Likewise, no one would wire money to a fraudulent bank account if they physically went to see or called the intended recipient to confirm that the request was real.
Employee Email Training is essential.
Technology Seed’s Security Team uses tools that help us understand what types of fraudulent emails are deceiving your employees. And, who those vulnerable employees are.
One of our favorite strategies involves identifying and correcting the “urge to click”. In short, we attempt to trick end-users into clicking “bad” things. And we use the same methods that the hackers use. However, the tools we use don’t have malicious outcomes. We attempt to deceive the end user and then notify them that the link that looked like a Facebook login was actually a rogue link that could have been be used to install ransomware.
The goal is to identify and train the most susceptible end-users to look at emails a little more cautiously and recognize what a threat might look like.
And let’s be clear: I’m not claiming that we can eradicate malware by reading our email more thoroughly. Nor am I expecting everyone to be a security expert. However, I AM claiming that by changing the way we react to and deal with email (and other technologies), we can turn the tables on the bad guys. Above all, we can take the advantage away from them.