"Social engineering bypasses all technologies, including firewalls. Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics.”
- Kevin Mitnik “The World’s Most Famous Hacker.”
Every cybercriminal knows that humans are the easiest way to access company data. And they are getting smarter. In the last month, we've seen a significant rise in companies affected by email phishing, and it's often simply because staff are too trusting.
New school security awareness training.
Some simple starting points your team can adopt:
Don’t trust that an email is legitimate because it was sent through a trusted email address. Cybercriminals can steal email addresses to make their scams more believable.
Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click. This could include lines such as "your email domain is about to expire" or "Your account password has been hacked, click here to secure it now"
Never click a link or download an attachment in a message that you aren’t expecting.
Hover or right click for more information about links, even if the email looks legitimate.
Our partner KnowBe4 has developed a training model to educate and build awareness of influence tactics, so companies can increase security from staff to systems. Simulated phishing tests are urgently needed as an additional security layer. Phishing your own users is just as important as having an antivirus and a firewall - and as we know with learning, the best way is to practice!