Insureon Blog

How Would Your Business Do in a Phishing Test?

16. April 2015 08:02


It seems as though data security is all the rage these days – and rightly so. After all, data breaches have become a formidable part of the risk landscape. And some businesses are getting creative about the ways they test their security measures.

According to Advisen, Kansas City auditors conducted a test to see how employees and the IT team would respond to a phishing email attack. Unbeknownst to the employees, the auditors sent a phony phishing email asking for login credentials.

Here are the results:

In real life, these results could jeopardize the entire municipal computer system – hackers would essentially have 280 chances to infiltrate it.

The report notes that some employees caught on to the fact that the email was a phishing scheme and provided fake credentials. But that isn't the way to go – simply clicking on the email link can introduce malware to the system.

All in all, the test results are a reminder that your business's data security defenses are only as strong as your weakest link. Though you may have the savviest IT team around, breaches often hinge on what your employees do. (For more on that, see "Dating Apps on Your Business Phone? Prepare for Heartbreach.")

Let's review some best practices that you can share with your employees to bolster your data security.

Go Phish: Data Protection Starts with Employee Education

Educating your employees on how to avoid data breaches is one of the most effective forms of risk management. But if you're like most small-business owners, time is a precious commodity. So save yourself some time by sharing these tips on how to dodge phishing scams with your team:

  1. Be wary of email links. As a rule, don't click on email links from people you don't know or if the link is suspicious. For example, a friend or associate's email account may be hacked, and scammers could use the account to send out malicious links. Think twice when a message offers no context and says something like, "Check this out: URL."
  2. Never offer up credentials via email. Legitimate organizations never request sensitive information through email. Company leaders won't ask for that information online, either.
  3. Watch out for scare tactics. Hackers often threaten to disable accounts to get users to give up the information they're after. When in doubt, type the website's URL into the search bar yourself and check on your account there, rather than following the link in the email.
  4. Update passwords regularly. Passwords should be complex and updated regularly. For example, "123456" is easy for hackers to guess. Make sure passwords use a mix of capitalized letters, numbers, and symbols. The harder it is to remember, the harder it will be to crack.

For more tips, be sure to read "Data Security: When Malware Training Could Save You Thousands."

Tags:

Data Breach | Small Business Risk Management | Tips for All Small Businesses
