In-house phishing tests identify at-risk users
As compliance mandates and consumer privacy laws get tougher, businesses are taking matters into their own hands, launching internal phishing attacks to identify at-risk users.
Phishing remains a profitable tactic for cybercriminal organizations. The ability to gain access to internal systems, compromise credentials, or convince a user to wire money is well within the cybercriminals reach, accomplishing these attack results and more on a daily basis.
University of North Carolina sends 3,000 phishing tests a month
To get ahead of real attacks, UNC Health Care – and many other similarly concerned organizations – regularly test users via internal phishing attacks. Sending out 3,000 attacks monthly, UNC Health Care’s cybersecurity team can identify those users that put the organization at risk.
Employee’s not being mindful of the existence of email-based phishing attacks can be easily fooled with emails promising free gifts, package deliveries, problems with banking transactions, documents to sign… and the list goes on and on. These phishing emails highlight how vulnerable an organization’s security really is – and how they need to rely on the user to participate in ensuring security.
Security Awareness Training is the answer
Organizations wishing to enhance their security posture – like than of UNC Health Care – should be considering Security Awareness Training. Users are educated on the need to be vigilant, being taught what to look for and how to respond. Users are tested with internal phishing campaigns which allow security teams to assign additional training to reaffirm the need for users to be security conscious.
—
Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/organizations-routinely-phish-their-own-employees-to-test-their-systems-for-human-vulnerability. Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.