A security awareness program promotes ownership of all employees over the safety of an organization's data and information systems. It also gives them skills to prevent and minimize data breaches and security incidents at the individual level.

A comprehensive security awareness program includes three elements:

- Testing – Find out where your most significant security gaps lie.
- Training – Teach end-users how to identify and respond to suspicious emails.
- Reporting – Track improvements over time and identify areas for focus for the next round of testing and training.

We are all doing what we have to do to survive this global pandemic, and security is taking a back seat for now. The problem is that now, more than ever, security needs to be a primary focus. Cyber-attacks are rising because criminals know that some of the typical defenses that businesses have in place are down or moved at the moment. In fact, the FBI has reported a 400% increase in cyber-attacks during the pandemic. Many businesses are working on home systems that don't have the typical defenses, and this is what criminals are targeting. Even one employee who clicks on a malicious link in their email could infect your entire business, even from home. This is why a comprehensive security awareness program is a critical component of your overall cyberthreat prevention strategy.

As a managed service provider (MSP) managing thousands of devices and supporting end-users across almost every industry, Innovative offers security awareness programs to our customers through the KnowBe4 solution. While we selected KnowBe4 as our security awareness partner of choice, we know that our solution isn't the best fit for everyone. This article provides an overview of what a security awareness program is, what it can do for your company, and the features you should look for in any security awareness solution.

Security awareness is ownership of all employees over the safety of an organization's data and information systems, as well as their practice and understanding of how to prevent data breaches and security incidents at the individual level. Security awareness is the new buzzword going around the tech industry, but it aims to fill a gap in cybersecurity that has existed for a long time. Instead of simply providing another layer of protection like antivirus or a firewall, the focus of security awareness is working with end-users to ensure they have the necessary knowledge to make smart choices, thus protecting your business. The best way to show the power of security awareness is through a real-life example.

Before we move on, let's quickly define a term that we will be using a good bit in this example. Phishing is the act of scamming an end-user by "baiting" them with something fake that looks real (just like real fishing). This comes through email and is designed to look very realistic and is sometimes made to appear to come from people you know in your organization. You pronounce phishing just like the recreational hobby of catching fish (fishing). Phishing is very similar to fishing, which is how it earned this name. The end goal is to get something out of the end-user, like a password or sensitive information, or even to get them to install some type of tool that provides access to your system. Anything that allows the scammer to steal something from the business.

The Case for Security Awareness: A Real-Life Phishing Example

The company name has been changed for security reasons.

Contoso Company would frequently do wire transfers to pay vendors and members of the executive staff. Whenever wire transfers were initiated, it would typically occur between a member of the accounting team and the CEO. One Friday afternoon, the accountant received an email from the CEO indicating that a transfer needed to be made. Since it was a pretty typical process for Contoso, they went back and forth over email and completed the transfer. The following Monday, the CEO realized that he never received the money transfer, and after a quick call to the bank, they realized that the money was gone from the company account and transferred to an account that was not his own. This was a significant sum of money that just vanished.

What happened?

After careful evaluation, here is what was uncovered:

Step 1: Six to seven months earlier, an end-user in the company clicked on a malicious link. Since nothing happened, they assumed that everything was fine and never reported it. By clicking on the link, malicious software was unknowingly installed on the user's computer. The malicious software that was installed at that time created an email forwarding rule to send every email that was destined for the accountant to an alternate email address, but also still delivered the email to the accountant so they would not be aware that anything was wrong.