Why You Should Scam Your Own Employees
By Roger Murray | February 2nd, 2017
Identifying network vulnerabilities, as well as the right tools to address them, have become of major concern to many organizations. According to industry leaders, businesses should consider a rather unorthodox approach to educating and identifying exactly how prone they are to a data breach, scam their employees.
Simulating phishing attacks provide a quantifiable insight at precisely how employees interact with suspicious attachments and/or links received in their Inbox. While most employers miscalculate the degree of how much of their workforce can be coerced into clicking on unknown links, the results are irrefutable.
“Tricks” Aren’t Just for Kids Anymore
One of the largest caveats to overcome when discussing ethical phishing simulations is with decision-makers who don’t wish to “trick” employees because it is embarrassing or makes them look bad. While it is certainly a perspective to consider, another way to look at it is “enlightening” employees to garner a heightened level of awareness and security. The enormous amount of damage a single breach can incur for a business in damage, cost, and headache are immeasurable.
While organizations should never point-out individuals on the pretense of embarrassing them among peers, there is a strategy you can implement to confidently correct end-users who are click-happy, and thus endangering your network.
Results & Next Steps
The old-school days of gathering employees in a room to view a PowerPoint presentation on the pretense of free donuts and coffee just doesn’t work anymore. Information doesn’t get absorbed, and often employees spend the time fiddling with their mobile devices, doodling on a notepad, or blankly staring until their eyes glaze over.
To have a more meaningful result, utilize the findings in the phishing simulation to develop a training program on ways to spot malicious links and/or attachments which could be infected with malware. Today, the likelihood of the attachment containing Ransomware which encrypts the workstation and/or network is considerable.
To effectively fight the onslaught of cybercrime, you need an educated workforce. Social Engineering Defense is not a course taught in most Universities, it is up to you to cultivate a workplace culture that understands it is everyone’s responsibility to protect the data your business holds dear.
TSI partners with industry leaders to provide unmatched phishing campaign development, as well as thorough training resources to educate our clients workforce. Want to Schedule a Consultation to discuss end-user/network security? Contact Us today!