是人. Your employees are your biggest vulnerability—at least until they are prepared to recognize 和 report phishing attempts. Phishing 和 related social engineering campaigns are today’s number one attack vector. 超过90000 unique phishing campaigns are launched every month. 调查显示 that phishing is seen more than any other type of threat, that phishing 和 social engineering attacks are the number one concern of security professionals.
It’s impossible to prevent 钓鱼式攻击 by purely technical means. That’s where phishing awareness comes in. Phishing awareness training educates employees on how to spot 和 report suspected phishing attempts, to protect themselves 和 the company from cybercriminals, 黑客, other bad actors who want to disrupt 和 steal from your organization.
Keep your employees vigilant of common Indicators of Phishing (IOPs) found in the workplace.
查看信息Phishing awareness training starts with educating your employees on why phishing is harmful, empowering them to detect 和 report phishing attempts. Depending on your organization’s culture, you can deliver this initial training via a written document, 一个在线视频, company or department meetings, 课堂培训, of some combination of the above.
Simulated phishing campaigns reinforce employee training, help you underst和 your own risk 和 improve workforce resiliency—these can take many forms, 比如大规模网络钓鱼, 鱼叉式网络钓鱼, 捕鲸.
Nothing teaches like experience. When employees click on a link or an attachment in a simulated phishing email, it's important to communicate (nicely, of course) to them that they have potentially put both themselves 和 the organization at risk. You can then display a “training page” that reinforces the dangers of phishing 和 reminds the employees how to report suspect emails.
使用结果, such as the attack types that were most successful 和 which teams were most vulnerable, to focus your security monitoring, strengthen your phishing awareness training, add additional defenses for 网络钓鱼保护. You can also use the results to track the progress of your phishing awareness program 和 document improvements.
Starting a phishing awareness program doesn't have to be daunting. 了解更多.
In this week’s Whiteboard Wednesday, we outline how to implement a phishing awareness program to improve employee resilience in 5 steps.