Phishing is on the rise, time to train and test your staff

  • May 9, 2020

In the new world of Covid-19, businesses are looking for ways to cut costs. We believe that spending money on employee training could help you avoid much bigger costs, here’s how.

Phishing on the rise!

By now hopefully you have somewhat adjusted to a new world, whether that is working from home, working with a skeleton crew, or just waiting at home for the Covid-19 crisis to break. Not surprisingly, Covid-19 has brought many changes!

In the past thirty (30) days, experts have seen a spike in phishing emails. One source stated that phishing attacks increased by 40% during the month of March. Another source said their organization has seen phishing and other scams rise 667%. While there is a big difference between these two numbers, both result in your organization being more at risk than ever to fall prey to a phishing attack.

Why is this happening now?

Hackers are always looking for a reason to attack, something that users might fall for. With all the current anxiety in our users regarding the Covid-19 crisis, users are ripe for an attack from hackers.

For example, email headlines include:

  • Announcements from the CDC of how to remain safe.
  • How to get your government check.
  • What Covid-19 symptoms might look like?

As a result, the scammers are having a field day with your users.

Why might this be a bigger risk during Covid-19?

When it comes to defending your users, there is safety in your office. In your office you have a next-gen firewall protecting your users and watching for hackers attacks. You also have other users around to review with you a suspicious email. Alone at home, a user is more likely to just go ahead and click on that link/attachment, etc. And should they click, their firewall back in their office cannot protect them, their only defense is their antivirus software. This is helpful, but not as powerful as the firewall at the office.

Why does phishing work?

  • The message uses a sense of urgency to get you to click now.
  • The message will imitate a legitimate entity to make you feel it is safe.

So we get phished, why should we be concerned?

The most deadly result is called ransomware. This is a pernicious tool that will at minimum, cost you a lot of time and money, and the worst case could put you out of business. The bad actors literally encrypt all of your data and require you to pay them a ransom to obtain the key and be able once again to access your data.

What do these attacks look like?

  • “Click here to determine the status of your government stimulus check”
  • “Click here to apply for the PPP loan”
  • “CDC announces new ways to protect you against Covid-19, see attachment for details”

In other words:

  • The message uses a sense of urgency to get you to click now.
  • The message will imitate a legitimate entity to make you feel it is safe.
  • The message will ask you to click a link or open an attachment.

Remember, the message will use a sense of urgency, will imitate a legitimate entity, and ask you to click a link or open an attachment. DON’T DO IT!

So how do we do to protect ourselves?

First of all, understand that approximately 60% of successful hacks are initiated via email. Yet, a recent study stated that only 39% of users have been trained on safe internet utilization. What is the answer? Train your users!

As you might recall, this blog started out by discussing cost avoidance and you might ask, how is spending money on my employees cost avoidance? We have all heard the saying you have to spend money to make money and probably have seen it applicable to our business.  By spending money to train your employees, you will avoid a potential huge expenditure, one that would make the expense of employee training pale in comparison. Do you remember how the Fram oil filter commercial used to say, “you can pay me now, or pay me later? That training could be just the ticket to help you avoid a horrendous expenditure in the future!