What is Email phishing & why you need security awareness training in your business

I am sure you must have heard about the Nigerian prince that like to transfer his millions out of the country or the big lottery win across the oceans. These emails are phishing emails.

As John Chambers, CEO of Cisco said, “there are only two types of organizations in the 21st century. Those that were hacked and those that didn’t realize it yet.” You may have many traditional security tools and software but the most important thing you need in your business is to build a human firewall.

We speak to a lot of businesses regarding this as we are an Email Phishing & Security Awareness Training provider. Our first question is, what do you do for Security Awareness Training? Here are the responses we get

1. We send regular emails reminding our users
2. We use our intranet to publish articles about this and provide classroom style training or have regular town hall meetings
3. We use an e-learning platform and make our own videos to educate
4. We have a platform that does it for us

If you are a number 4, you can give yourself a pat on the back, relax, get yourself a cup of coffee and feel smug that you are already doing the best thing to help protect your business. Good job!

If you answered 1-3 (or even if you don’t do any of these) don’t worry, we have your back.

So, what is Security Awareness Training? According to the website Smarttech.ie,

“Security awareness training is all about teaching your colleagues and employees to understand the risks and threats around the ever-evolving cyber world. ... Security awareness training also ensures that employees are fully awake to the consequences of failing to protect the organization from outside attackers”.

A good Security Awareness Program will protect your organization against the most cyber threats. You might think, ‘How can Security Awareness Training help us? We already have the best antivirus software and security tools for protecting our network’. You may have the best tools and software in the world protecting your network but at the end of the day, your weakest link are your users. After all, more than 90% of the successful cyber attacks start from an email. You will need to train your users, period.

Let’s analyze the common ways companies try to train their users.

1. Sending email reminders

When I was an IT Manager I belonged to the category 1. I used to send out regular emails reminding users not to open attachments from unknown sources. Reminding them “don’t click on the links in an email if you are not expecting it”. A day later I sent the email someone comes to me and asks the exact thing I already emailed them about. You get the point. Nearly half of the users don’t read emails from IT dept. How do you actually measure the results? How do you know if the user has read your email? Can you run some reports?

You may think this doesn’t apply to you and think “Our users are clued up.” But, how do you know? Can you prove it? Don’t keep your head in the sand. When we start the awareness program in a new company, it’s amazing to see that on an average we get 28% of the users clicking on the links they shouldn’t be clicking. 28% is a lot when all you need is just one click on one wrong email link.

2. Classroom style training

This is really good if done right but it takes up lots of resources in terms of time and cost. Measuring the effectiveness still a bit tough unless you are using some sort of simulated phishing email campaigns. Not to mention the time users are away from their desk and how often you need to do these training's to make them effective. Why would you do that in 21st century?

3. In house E-learning platforms

Great! You are the most efficient of the bunch… almost! If you have the mechanism to train employees through the e-learning platform, somehow measure the results and produce reports. This is brilliant. How much time and money are you spending on this? Are you able to produce the reports you wanted? Are they granular? If you feel there is a room for improvement then there is an easier, cheaper and more efficient way.

4. Outsourced Email Security Awareness Training Platform

Now the final category. The platforms that are built for this exact purpose. The security awareness training platforms that can sync your users, have in-built phishing templates, training content, tools to empower end users, granular reporting and make it really easy for you to use and monitor. These platforms are relatively inexpensive and cheaper than building your own. There are SAAS, on-premise and there are cloud-hosted. Depending on what fits your business you should definitely explore these.

Are you interested in finding the right email security training platform for your business? Depending on the type of business you have, you may have different needs. Here are a few platforms that we recommend looking into.

1. KnowBe4
2. Cofence
3. Wombat

Here is a link to Gartner Peer Insights on Computer-Based Security Awareness Training to compare these options and help you find the one that’s right for you. At The TechForce our experience and expertise in security means that we only source the best solutions to make it easy to protect your business. We are a KnowBe4 partner and happy to give you more details on this. Check out our email phishing and security awareness service for more info, or our contact details to chat with one of our experts.