Image: a person fishing from a boat on still, mist-covered water; a duck swims in the corner of the frame.
PHOTO: Johannes Plenio

Phishing is incredibly common. In 2018, 83% of people received phishing emails, and on average 64% of businesses experienced phishing attacks. Junk mail filters are your first line of defense and specialized security software your second, but even the small percentage of emails that get through your company's defenses produces too many successful attempts. Phishing attempts are up as people are forced to work from home, so training your staff to spot phishing attacks is crucial.

Why Phishing Works

Forty-nine percent of hackers say they prefer to exploit human emotions rather than hunt for weaknesses in a network or program. Manipulating people is usually simpler than breaking software. Hackers play on your sense of urgency with subject lines like "Toll Violation Notice" and "Invoice Payment Required," or on your sense of self-preservation with something like "Updated Building Evacuation Plan."

Getting you to open their emails is step one, but then getting you to click whatever link they ask you to click or reply with whatever data they are looking for seals the deal. And hackers don't only turn to the inbox to reach would-be victims: 93% of social media attacks are phishing related. Why should businesses take notice? Because one in three consumers will stop using a business after a data breach.


Train Employees on How to Spot Phishing Attacks

Training employees is crucial, especially during the pandemic, when many are working from home on personal devices. Employees are typically taught to forward suspicious emails to the IT department, and IT professionals report that only about 15% of the emails they receive turn out to be malicious. A low hit rate is not a reason to discourage reporting; it is the cost of catching the attempts that matter, and every report is an opportunity for feedback.

Feedback is the key to effective training, and it can still happen with everyone at home. Telling employees whether the emails they flagged were actually malicious helps them spot the next one, making them more effective as your company's last line of defense. Punishing employees who fall victim has an unintended consequence: they stop telling you when they may have clicked something malicious. Positive reinforcement and education are far more effective. In fact, 76% of people phished at work receive training rather than punishment, further strengthening their knowledge base.
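To make that feedback loop concrete, here is an added example (not code from the original article) of the kind of triage script an IT team could run over an employee-reported message, so the reporter can quickly be told which lures it contained. It checks the urgency-themed subject lines quoted earlier, sender and Reply-To domain mismatches, a display name that impersonates the company, and links whose visible text names a different site than the href. The company domain example.com, the phrase list, and the two sample messages are assumptions constructed for the demo.

```python
"""Triage heuristics for an employee-reported email (added example, not the article's code).

Assumptions (not from the article): the company's domain is example.com, the urgency
phrases below are illustrative, and the two sample messages are constructed for the demo.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"  # assumed company domain

# Lure themes; the first three come from the subject lines quoted in the article.
URGENCY_PHRASES = (
    "toll violation", "payment required", "evacuation plan",
    "account suspended", "action required", "verify your", "urgent",
)

ANCHOR_RE = re.compile(r'<a\s+[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
# Visible link text that looks like a hostname or URL (so plain "Click here" is ignored).
HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _same_org(host_a: str, host_b: str) -> bool:
    """Crude registrable-domain comparison (last two labels); real triage
    should use the public suffix list instead."""
    def tail(host: str) -> str:
        return ".".join(host.split(".")[-2:])
    return bool(host_a) and bool(host_b) and tail(host_a) == tail(host_b)


def triage(raw_message: str) -> dict:
    """Return the suspicious traits found in one reported message, so the
    reporter can be told why it was (or was not) a phish."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(addr)

    # 1. Replies silently routed to a different domain than the sender's.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender domain {from_domain}")

    # 2. Display name impersonates the company while the address is external.
    if INTERNAL_DOMAIN in name.lower() and from_domain != INTERNAL_DOMAIN:
        findings.append(f"display name claims {INTERNAL_DOMAIN} but address is @{from_domain}")

    # 3. Urgency or self-preservation lure in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    hits = [p for p in URGENCY_PHRASES if p in subject]
    if hits:
        findings.append("urgency lure in subject: " + ", ".join(hits))

    # 4. Link whose visible text names one site but whose href goes elsewhere.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, inner in ANCHOR_RE.findall(html):
        visible = TAG_RE.sub("", inner).strip()
        m = HOST_RE.match(visible)
        if m and not _same_org(m.group(1).lower(), _host(href)):
            findings.append(f"link text shows {m.group(1).lower()} but points to {_host(href)}")

    verdict = "suspicious" if findings else "no obvious lure"
    return {"from": addr, "findings": findings, "verdict": verdict}


# Constructed sample: a reported message that should trip every check.
PHISH = """\
From: Example.com IT Support <itsupport@example-com-support.net>
Reply-To: collections@mailbox-relay.biz
To: employee@example.com
Subject: Toll Violation Notice - Payment Required
Content-Type: text/html; charset="utf-8"

<html><body><p>Pay your outstanding toll within 24 hours:</p>
<p><a href="https://example.com.toll-pay.biz/login">https://example.com/tolls</a></p>
</body></html>
"""

# Constructed sample: a routine internal notice that should pass clean.
BENIGN = """\
From: Facilities <facilities@example.com>
To: employee@example.com
Subject: Parking lot resurfacing next week
Content-Type: text/plain; charset="utf-8"

The north lot is closed Monday to Wednesday. Details are on the intranet:
https://intranet.example.com/facilities/parking
"""

if __name__ == "__main__":
    for label, raw in (("reported phish", PHISH), ("reported benign", BENIGN)):
        result = triage(raw)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

The findings list is what goes back to the employee: "you were right, the Reply-To went to a different domain" teaches more than a silent ticket closure, and a clean result still deserves a thank-you so the next report is not withheld. The heuristics are deliberately simple and will miss many lures; they are a starting point for feedback, not a replacement for the mail filter.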


Employee Training Is Your Last Line of Defense

Although many organizations hold cybersecurity training yearly, a shocking 35% of employees still don't know what "phishing" means. Online courses can fill the gap when employees aren't physically present for seminars. Education opportunities abound, and there is no better time than now for employees to brush up on anti-phishing basics.

Seventy-four percent of hackers say they are rarely impressed with an organization's security measures, so it's time to beef yours up. Training employees to spot phishing attempts, giving them feedback on their efforts, and giving them the tools to apply that training to real-world messages can keep your company out of the phishing net.

More than half of information security professionals believe employee training has been effective in preventing phishing attacks. In 2018, 93% of security breaches involved phishing, underscoring the need to fight back against this prevalent form of attack.

Learn more about how employee training can prevent successful phishing attacks from the infographic below.

Getting Out of the Phish Net