Every season seems to bring another announcement that a large and powerful company has experienced a data breach, putting countless customers at risk for credit card fraud and more. From Target to eBay, several organizations have become major targets of phishing scams. To avoid that fate for your company, employees must be properly trained on Internet best practices. One of the most engaging ways to educate your staff is through an online training platform.
If you’re not sure what constitutes phishing, the Anti-Phishing Working Group defined it as a criminal activity that uses both social influence and technical prowess to swipe financial and personal data from consumers. Fake emails, websites and phone calls are all considered to be social engineering, while technical subterfuge involves the installation of harmful software on specific computers. This crimeware can intercept user names and passwords, redirect people to a faulty website and more.
The prevalence of phishing
According to APWG’s recent report on phishing activity trends for the first quarter of 2014, most of the scams are directed at U.S. businesses. The payment service, financial and retail service sectors are often targets. Unsurprisingly, payment services are affected almost 50 percent of the time.
The most recent financial quarter saw the highest number of phishing scams since 2012, as stated by Chief Security Officer. These days it seems phishers are putting more effort into their scams, so businesses need to implement training processes that fight back with more force. The APWG found an 11 percent increase in the number of phishing sites from the end of 2013 to the end of 2014’s first quarter. Because hacking activity is historically low during the first quarter, the group is predicting a worldwide surge in phishing throughout the rest of the year.
CSO reported on a security breach at Booking.com where customers were directed to wire money into a Polish bank account. The hackers told people that there was a credit card transaction failure so they had to pay in this alternate way. The clients were also asked for their names, addresses and booking numbers. The source said it could be the result of a phishing scam by random hackers or by an employee at the company who had access to customer information.
While phishing was originally limited to certain vulnerable industries that collect large quantities of personal and financial data, any company with stored information can become a target, according to CSO. Sometimes hackers will double up on efforts by sending a harmful email and following up with a phone call. This communication is used to convince the victim to open the email or attachment that will collect the desired data.
What to include in the training program
The National Cyber Security Alliance came up with several suggestions for employers looking to educate their staff about Internet safety. When you use learning management systems to create online courses with tips for avoiding scams, try to incorporate topics such as password practices, restrictions regarding office computers and expectations for staying alert. Best password protocol includes changing passwords regularly, using a diverse range of characters and adding length for extra protection. Employees should be discouraged from installing unapproved software onto their computers that may cause data breaches. There must also be rules regarding how often staff members have to back up their systems and guidelines for identifying suspicious communications.
CSO recommended training employees to think about links before they click and to give URLs, as well as sender email addresses, a few extra seconds of attention. According to the source, the online course software should be updated and used regularly to keep employees up-to-date on best practices.