1 in every 99 emails is a phishing scam – for American employees, this comes out to 4.8 emails per employee in a five-day workweek. Can your employees avoid five phishing scams a week?
There’s a way to find out.
One of the best ways to assess your small business’s email security is to send out a simple test: a fake phishing scam. Phishing your own employees might seem counter-productive, but it’s an excellent method for determining who’s up to snuff on their email security protocols – and who needs extra training.
What is phishing?
Phishing refers to scamming someone using a “lure,” like a fake email, a phony log-in site, or an infected link. It’s a very common tactic for Internet scammers.
To successfully “phish” for private information, a scammer can send a phony email asking someone to update their password, approve a wire transfer, or view an invoice. Sometimes, these scams lead to a website that looks official and requires a login and password – but attempting to log into the site just sends your information right to the scammer.
In particular, small businesses are often targets for phishing scams, because it’s easy for hackers to collect information on their targets to make a believable scam.
(Fun fact: The term “phishing” originated from a 1996 run of hackers who broke into America Online accounts, using email to “fish” for passwords and financial data. The “ph” is a nod to phone phreaking, the earliest form of hacking, which John Draper created as a way to get free long-distance phone calls in the 1970s.)
How does a phishing test work?
There’s an excellent way to test your employees’ knowledge of and response to phishing attacks: with a fake phishing scam of your own. In a phishing test, our team of email security experts will craft a phishing scam that looks legit (but can be circumvented with common-sense email security tactics).
We send that scam out to your team and collect the results. Once we see how your team reacted to the test, we can make recommendations for further security measures and training.
What do I do with the results?
A phishing test collects data on employees who:
– Click a link that looks suspicious
– Open an attachment without checking it first
– Follow instructions without verifying they’re legitimate
– Log into phony websites with real username and password data
Once you have this information, you can assess the actual security strength of your team. Do your employees know what a phishing scam looks like? How likely are they to fall for one?
Most importantly, a phishing test helps you identify what your employees would do in the event of a real phishing attack. And the test results help you make a plan to lock down your security in the future.
Now that I’ve finished this phishing test, what are the next steps for my small business?
Once we’ve set up the test, “phished” your employees, and collected our data, the team at Grand Technology Solutions can make recommendations for ways to improve your email security. Depending on your team’s results, these recommendations might include:
– Scheduling security training for your entire team
– Setting up automatic quarantine of potential phishing scams (for example, with GTS PhishGuard)
– Locking down data transfers (for example, with GTS EncryptGuard)
– Setting up secure password storage (for example, with the GTS Password Portal)
– Overhauling your system with a complete small business security package (for example, with GTS O365 Guardian)
With the right tools in your tacklebox, you can avoid falling for phishing scams. Protect your small business today with the best in small biz security. Give Grand Technology Solutions a call at (904) 606-6011 or email firstname.lastname@example.org to schedule your phishing test today!