At Bob’s Business, it’s our primary focus to teach organisations how to protect their data and mitigate phishing attacks. By nature, we all make mistakes, and the majority of us will at some point get caught up in a phishing net; our aim is to keep you up to date on best practices.
It’s no surprise that phishing attacks are becoming increasingly common when human error remains one of the easiest ways to infiltrate a network. And to add fuel to the fire, it’s easier than ever for spammers to get hold of your email address thanks to automated software, hackers and data purchasing. ‘Phishers’ cast a wide net in the hope that just one person will fall foul to the attack.
Phishing: The Scale of the Problem
Every day, over 150 million Phishing emails are sent. Almost 16 million of which get through spam filters, 8 million are opened, 800,000 links are clicked, and 80,000 users fall victim to cyber criminals. Daily! The phishing stories we often hear in the news are only the tip of the iceberg. It might surprise you to know that around 70% of organisations keep their worst security incidents under wraps!
Think Before You Click! But fear not; our simulated phishing campaign will enable your employees to understand everything they need to know about Phishing and safeguard your critical data and theirs. ‘Think Before You Click!’ is a powerful, engaging training campaign that will show your staff the very real dangers of Phishing, and teach them how to protect your organisation and themselves in a way they will never forget.
How the Campaign Works
1. Initial Awareness
We begin by introducing your staff to the concept of Phishing – what it is, the harm it could cause, and what an attack might look like. We deliver this information in the form of both online and offline training material, including emails, pages for your company intranet, and printouts and posters for the office. Once your staff have had sufficient time to absorb the content of the training material, we’ll begin the practical assessment.
2. Practical Assessment
We will launch a simulated phishing attack that targets all employees involved in the campaign. Don’t worry! No harm can come of this, and anybody who falls for the attack will simply be directed to the tailored eLearning program and encouraged to brush up on what they need to know. They will be able to test their knowledge at the end of the course, and if their score is below 90% they will be required to redo the training. This part of the campaign is a great way to catch the attention of those who might not have yet understood the dangerous reality of Phishing.
Once the training has been complete and your employees have all improved their scores on the quizzes and tests that are provided, you can choose to repeat the process periodically. Even if your staff are expecting the mock attack next time, it gives them an extra reason to be super-vigilant and keep their eyes open for the real thing.
What Phishing Training Includes
Even though part of the program involves a mock phishing attack, the training is designed to be positive, encouraging and friendly. As well as the unique training material for your office and intranet, the campaign also includes a bespoke eLearning module designed with our signature mix of animation and interactivity for maximum engagement and retention. During this campaign, your staff will learn:
- What a Phishing attack is
- How a Phishing attack works
- What harm a Phishing attack might cause
- What Spear Phishing is
- How to avoid becoming a victim
- Actions to take if you become a victim
Are you hooked and want to find out more? Get in touch.
Bob’s Top Tips on Phishing
- Be wary of emails that ask you to update your security information.
- Never divulge your username or password to anyone.
- Don’t click on links in emails without checking the URL.
- Always type the web address of trusted websites into the browser yourself.
- Be wary of grammatical errors or misspellings which are designed to fool spam filters.
- Make sure your spam filter is always switched on.
- Always check the email looks legitimate; look out for unusual branding, bold emotive language or poor spelling.
- Should you be unlucky enough to fall victim to a phishing email, report it to the website being impersonated and/or the police immediately.
- If you receive an email and you are unable to work out whether or not it is a phishing email, report it to the website from whom it claims to be from before you take any action.
- Sense check! Follow your gut instinct; if something doesn’t feel right, it’s more than likely phishy!