Security Awareness Training and Policies

When was the last time you did security awareness training? Do you continue to update and remind employees about your security awareness policies?

As stated in the Microsoft Security Intelligence Report, the percentage of inbound emails associated with phishing increased on average in the past year. “Even while technology is getting better at detecting phishing, it continues to be a threat due to the human nature of it.”

As CIT has discussed in our Practically Secure Infosec for Everyday Life, using multi-factor authentication (MFA) and two-factor authentication (2FA) is a must, along with changing your password on a regular basis on all accounts. But the leading cause of phishing issues is human error on the part of users.

“Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:

  • An incorrect email address or one that resembles what you expect but is slightly off.
  • A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.
  • Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you’re letting them down if you do not make the urgent payment.
  • Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?”

97% of people can’t spot a well-written phishing email. This is why it is important that employees are able to detect these threats and respond appropriately.

Don’t Gamble with Your Security.  Ask CIT about our full suite of email and identity protection products and training.

Corporate Information Technologies provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.

Contact us to learn more and let us show you how good I.T. can be!