05 Nov
Protect your Business from Cyber-Attack with Phishing Simulation Training
According to a recent report, almost half of UK SMEs were subjected to phishing attacks in the past year. And the perpetrators are getting increasingly sophisticated, disguising themselves in emails that appear to come from trusted organisations. Their aim is often to obtain financial information, customer contact details or other sensitive data. At best these attacks can result in embarrassment for your company; at worst, data loss or even financial fraud. Phishing can also be used by cyber-criminals to spread malware and other nasties through infected attachments.
Phishing Simulations as a Training Tool
How can you be sure your employees know how to recognise and deal with an attempted phishing attack? An effective way is to simulate a phishing campaign and send it to your staff to see how they deal with it. Not only will you see if they know how to recognise a phishing email and respond effectively, you can also use it as a training exercise and to raise awareness about cyber-security in your business.
A Phishing Simulation Case Study
There are many different levels of phishing simulations. At Transpeed we recently conducted a very simple simulation which was an incredibly effective learning experience.
We started by constructing a basic website that logged who accessed it and redirected them to Google.
We then sent two fake emails a week apart, one adapted from an Amazon email about a failed order and one from a DPD email about a failed delivery. The links in the emails were changed to go to the bogus website and were given a unique identifier so we knew who clicked them. We used a bogus email address and a link that was undisguised rubbish.
Despite the fact there were many clues that this email was fake, of the 30 people we sent the email to, 10 clicked on it – and some of them clicked multiple times.
More sophisticated simulations can involve emails that are better disguised and provide more sophisticated tracking such as who opened the email and/or clicked the links. The website on the other end of the link can be made to track who interacts with it and to what extent.
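The tally described in the case study above, as an added example (not Transpeed's own code): it reads the click log from the landing site, maps each unique identifier back to a recipient, and reports the click rate and repeat clickers. The log format, the `id` parameter and all names are assumptions, and the sample data is constructed.

```python
import re
from collections import Counter

# Constructed sample data: identifier-to-recipient map for one simulation.
RECIPIENTS = {"a1f3": "alice", "b7c2": "bob", "c9d4": "carol", "d2e8": "dave"}

# Constructed access-log lines (assumed format: timestamp, method, path).
SAMPLE_LOG = """\
2024-01-08T09:14:02Z GET /track?id=a1f3
2024-01-08T09:14:40Z GET /track?id=a1f3
2024-01-08T09:20:11Z GET /track?id=c9d4
2024-01-08T10:02:55Z GET /track?id=zzzz
2024-01-15T08:47:30Z GET /track?id=a1f3
2024-01-15T11:05:19Z GET /favicon.ico
"""

# Only requests to the tracking path with an identifier count as clicks.
LINE_RE = re.compile(r"^(\S+) GET /track\?id=([A-Za-z0-9]+)\s*$")


def summarise(log_text, recipients):
    """Return click statistics for a simulation from its landing-site log."""
    clicks = Counter()
    unknown = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # unrelated request, e.g. favicon
        token = match.group(2)
        if token in recipients:
            clicks[recipients[token]] += 1
        else:
            unknown += 1  # identifier never issued: keep out of the results
    return {
        "sent": len(recipients),
        "clicked": sorted(clicks),
        "click_rate": len(clicks) / len(recipients),
        "repeat_clickers": sorted(n for n, c in clicks.items() if c > 1),
        "unknown_tokens": unknown,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, RECIPIENTS).items():
        print(f"{key}: {value}")
```

Counting distinct recipients rather than raw hits keeps repeat clicks from inflating the click rate, while the repeat-clicker list shows who may need follow-up training.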
Phishing Simulations: The Results
Employees are inevitably surprised that they are taken in by a phishing simulation, as many are experienced IT users who expect that they would spot a fake email. It’s a really effective way to remind people how easy it is to be fooled by a phishing attack, especially when they’re busy and under pressure at work. It also provides a sobering reminder that the consequences for your business can be severe.
If you’re interested in conducting a phishing simulation as part of your company’s cyber-security training, contact us to find out more. We can create a bespoke simulation for your company that meets your needs and training goals.