Research indicates there has been a profound increase in phishing attempts since the coronavirus pandemic started. Companies now experience an average of 1,185 phishing attacks every month, GreatHorn’s 2020 Phishing Attack Landscape Report shows. 30 percent of cybersecurity professionals reported that phishing attacks found greater success in the wake of COVID-19. With such a substantial portion of attacks succeeding, it is more important than ever to prepare your organization. First step? Increase your employees’ cyber awareness by providing them with the knowledge and tools necessary to recognize and fend off phishing attacks.
Nowadays, you should no longer be asking yourself whether you will be hit by cybercrime, but when you will be hit. Unfortunately, this mindset has not yet pervaded organizations on a large scale. As a result, cybercriminals often have free rein. Hiscox’s Cyber Readiness Report 2020 shows that 24 percent of organizations in the US are considered experts in the field of cybersecurity. According to Hiscox, awareness among employees is higher in the US. But even employees who are confident in their phishing identification skills are more likely to slip up when faced with a massive amount of malicious emails. Time for a change!
The best way to make employees aware of phishing emails’ characteristics, and therefore of the risks to your organization, is to continuously train them and teach them what to keep an eye out for to avoid a cyber-attack on their organization. Security awareness is not a project but a process. Knowledge and vigilance must be deeply rooted in the corporate culture; only then will the chance of employees intercepting all phishing emails be at its greatest (and the risk of successful cyber-attacks a lot smaller).
This cannot be achieved with a single training session, which may only be repeated annually. Information cannot be learned and remembered by a single repetition, not even by an individual with very high ability and the greatest concentration. The German psychologist Hermann Ebbinghaus already knew this in 1885, and it is still valid 135 years later (!).
What does work, according to Ebbinghaus, is offering information repeatedly and in small pieces. Repetition is indispensable to enable reproduction and understanding of certain information. As the number of repetitions increases, the information becomes more profoundly and indelibly embedded. So, do you want to turn your employees into a cyber-aware human firewall, and your organization into a cybersecurity expert? Then you will need to provide information about cybercrime and cybersecurity continuously and repeatedly.
This can be done by displaying small pieces of information on digital signage screens in busy areas of your building. Or, now that a large proportion of your employees still work from home, via your own company app, or the screensavers or wallpapers on your employees’ laptops. You can even remind them on Microsoft Teams every now and then.
If you genuinely want to tackle the problem and raise awareness the right way, you can publish the information in all those channels via our omnichannel platform. That way, you can be sure you are going to reach every last one of your colleagues.
Only when all your employees are aware of the dangers to your organization will you grow from organization-wide awareness and behavioral change to a working environment where safe and information-conscious working is the norm.
Would you like to know how you can raise your employees’ awareness of your organization’s risks? Download these 10 Useful Tips to Sharpen Your Employees’ Cybersecurity Awareness. Or get in touch with our consultants; they are happy to help you!