It only takes one employee to open up one email and compromise your entire network.
Strengthen Employee Resilience against Phishing Attacks.
Who should attend:
C-level employees, all administrative staff, particularly those who work in accounting and finance functions.
Facilitated by:
Real-life case studies, simulated phishing platform and email briefings that inform participants about current threats.
Strategic purpose:
Several organisations have had their IT systems compromised by just one employee opening up a malicious email or attachment. This module creates awareness of the problem and gives participants practical best practice steps to deal with this potent threat.
Core Content:
Phishing – Understanding the motivation and goals behind phishing attacks. Identification of phishing emails. How phishers time their attacks. An overview of the psychological tricks phishers use and an examination of the different email attachment types or URLs they use in real-world attacks. How office documents, archive and PDF file extensions are used as malware conduits to exploit a system. How domain squatting, shadowing and URL-shorteners are used in phishing attacks. How legitimate services, such as Google Docs, Dropbox and DocuSign, are used in phishing attacks. Actionable steps to deal with suspected phishing emails.
“Spear-phishing emails emerged as by far the most widely used infection vector, employed by 71 percent of [cybercriminal] groups.”
Symantec Internet Threat Report, 2018
Spear-phishing – Cybercriminals have been using spear-phishing campaigns tailored to specific groups of users. One of their favourite techniques is malicious emails, which are frequently used to target finance departments and healthcare organisations.
“Phishing and spear phishing emails were at the root of some of the biggest headline-grabbing breaches in recent years.”
Cisco Annual Cybersecurity Report, 2018
SMS Phishing – Because of their smaller screen sizes and different graphical interfaces, users of mobile devices are more susceptible to phishing. Moreover, many users still hold the erroneous belief that smartphones or tablets are immune to malware. In reality, credential-stealing malware that’s installed on mobile devices will exfiltrate authentication usernames and passwords to remote servers owned by cybercriminals. These credentials can then be used to perpetrate further attacks.
Angler Phishing – This is an often overlooked form of phishing that poses a risk for personal and organisational data. Our training informs participants of the risk, as well as how to detect and mitigate it.
Benefits:
- Employees are better equipped to spot and mitigate phishing attacks.
- Security-trained employees will significantly reduce the risk of a phishing-related data breach.
- Fewer resources will be tied up in disinfecting or re-imaging systems by your IT support or security teams.
- Less downtime for employees who deal with information security incidents.
- There will be less risk of the negative publicity that is generated by a data breach or interrupted operations.