The key to keeping your business safe from ransomware attacks is to stop phishing attempts in their tracks. There are many ways your business can fight these attacks, but we believe one of the most effective ways is through ongoing employee training.
A strong firewall, a secure email account and managed email screening will stop the vast majority of phishing emails from getting through, if not all of them. Similarly, multifactor authentication (MFA) can limit the impact of successful phishing attempts by making it harder for attackers to access business accounts. But you’ll never be able to guarantee that one malicious email won’t slip through.
The only surefire way to protect your business is to make sure your employees have a great awareness of these attacks and keep their guard up constantly. Random emails should be met with suspicion by default and employees should be trained not to open any email they distrust.
The problem is that no one believes they will click on malicious links during training sessions where they are primed to notice these attacks. Worse still, employees can become resistant to any further training and much more likely to practice poor email hygiene as a result.
That's why the first step for any business is to assess the size of the threat you face and make employees aware of the risks. We recommend businesses do so by undertaking a simulated phishing campaign with all of their employees, tracking who opens each email, who clicks on any links and who downloads attachments.
This isn't a witch hunt or an exercise designed to call employees out. It's about understanding whether there is an existing problem in your business, identifying how big that problem is, and showing your employees they are more susceptible than they might think.
Once you’ve identified there’s an issue, you’ll want to set up an automated and unobtrusive security awareness training programme that keeps the threat of phishing emails at the forefront of your employees’ minds.
We provide our clients with short, interactive videos complete with quizzes to make sure employees have grasped the key concepts. These training sessions are also trackable, so you can identify which employees are completing training and prove to regulators that you are fulfilling your requirements.