Combat over confidence | Phishing Simulations

18 Jan

Protecting your business from phishing is non-negotiable in 2022

One of the best ways to check whether your organisation is prepared for an attack is by simulating one, and like every emergency drill it’s essential that your phishing simulations are realistic and truly test your organisation’s readiness.

In this article we take a look at the components of an effective phishing simulation. Here’s how you can stress test your cybersecurity system and prevent your team from having a false sense of security.

this is not a drill: the importance of a realistic phishing simulation

Picture this: your most honest, well-meaning employee receives an email from a manager in your business – it could even be you – asking them to update details or respond to an urgent matter.

About half-way through the email, there’s a link, along with a request for them to click on it. Even though they’ve never been asked to do this before, there’s no sense questioning the manager in an urgent situation – or is there?

Just like that, a potential phishing attack could’ve taken place.

  • Sophisticated phishing scams coupled with hacking attempts that give cybercriminals control of your company’s email service could easily create a scenario just like this one.
  • When you create a phishing simulation, you’ll want to make it seem as legitimate as possible while including a few giveaways that your staff should be on alert for.

what to include in a phishing simulation

Here are a few signs that an email contains a phishing attempt. By including these in your cybersecurity drill, you’ll be able to put your team to the test realistically.

  • Unusual subject line or request for urgent action. An email that seems to be from a colleague or manager but contains instructions that are not typical of that person’s usual behaviour should be treated as highly suspicious.
  • Requests to click on links. Internal emails in your company might ask employees to click on Google Drive or other workplace management links, but any external link should immediately arouse suspicion.

Encourage workers to read the link before clicking on it and to always check the full address of the sender, not just the display name. Confirming any out-of-the-ordinary request of this kind with the sender might take up some valuable time, but it can save your organisation greatly in the event of a real phishing attack.
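The three checks above (unusual or urgent wording, external links, and the sender's full address rather than the display name) can be turned into a small triage script that a security team could run over reported messages, or use to confirm that a simulation e-mail actually carries the giveaways it is supposed to. The following is an added example written for this article, not code from the original page; it assumes the organisation's own domain is example.com, and both sample messages are constructed for illustration.

```python
"""Flag the phishing indicators described above in a raw e-mail message.

Added example (not from the original article). Assumes the organisation's
mail and intranet domains are under example.com; sample messages below are
constructed, not real traffic.
"""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumption: the organisation's own domains. Anything else is "external".
INTERNAL_DOMAINS = {"example.com"}

# Wording that signals a request for urgent action (subject or body).
URGENCY_WORDS = ("urgent", "immediately", "asap", "action required")

LINK_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: look-alike sender domain, urgent wording, look-alike link.
SAMPLE_PHISH = """\
From: "Jane Manager" <jane.manager@example-com.net>
To: staff@example.com
Subject: Urgent: update your payroll details

Hi,

Please update your details immediately via https://example.com.login-portal.net/update
Thanks,
Jane
"""

# Constructed sample: internal sender, ordinary wording, internal link.
SAMPLE_LEGIT = """\
From: "Jane Manager" <jane.manager@example.com>
To: staff@example.com
Subject: Minutes from Monday's meeting

Hi all,

The minutes are in the shared folder: https://drive.example.com/minutes
Thanks,
Jane
"""


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_internal(host):
    """True if host is one of our domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)


def looks_alike(host):
    """True for external hosts that embed an internal domain's name,
    e.g. example-com.net or example.com.login-portal.net."""
    if is_internal(host):
        return False
    return any(d.split(".")[0] in host.lower() for d in INTERNAL_DOMAINS)


def analyse(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Check the real address, not the display name shown in the mail client.
    _display_name, address = email.utils.parseaddr(str(msg.get("From", "")))
    sender_domain = domain_of(address)
    if not is_internal(sender_domain):
        findings.append(f"external sender: {address}")
        if looks_alike(sender_domain):
            findings.append(f"look-alike sender domain: {sender_domain}")

    # Urgent-action wording in subject or plain-text body.
    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part else ""
    haystack = (str(msg.get("Subject", "")) + "\n" + text).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if hits:
        findings.append("urgent-action wording: " + ", ".join(hits))

    # Every link that does not point at one of our own domains.
    for link in LINK_RE.findall(text):
        host = urlparse(link).hostname or ""
        if not is_internal(host):
            kind = "look-alike external link" if looks_alike(host) else "external link"
            findings.append(f"{kind}: {link}")

    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, analyse(sample) or ["no indicators"])
```

Run against the two constructed samples, the legitimate message produces no findings, while the simulated phish is flagged four times: external and look-alike sender domain, urgent wording, and a look-alike link. A production mail gateway does far more than this, but the script is a concrete check that a drill e-mail contains exactly the giveaways the article says staff should be trained to notice.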

keeping it believable

A simulated phishing email that seems ridiculous or reads like a clichéd Nigerian prince scam is likely to be deleted or ignored by the recipient.

On the other hand, sophisticated phishing tactics usually rely on something believable.

  • To strike a balance between believability and suspiciousness, make sure your email is worded in a tone similar to your normal business correspondence.
  • Be sure to include a request for unusual action or embed a suspicious link to test your team’s cybersecurity awareness.

keeping your data safe with secure cloud storage

With phishing attacks and other cybercrimes increasing by the day, every business in South Africa needs secure data storage.

Our range of cloud storage solutions could be an integral component in your cybersecurity strategy.
