According to recent research, 78% of people are aware of the risks of unknown links in emails but say they click anyway (Friedrich-Alexander University, 2017) and 40% of all employees worldwide try to hide such an incident (Kaspersky, 2017).
As the old saying goes, curiosity killed the cat. In today’s digitally-dependent society, curiosity can sometimes get the better of us. That’s why phishing is such a serious problem – and why we are so vulnerable to it.
What is phishing?
A phishing scam is an attempt to obtain sensitive information such as usernames, passwords, and financial account information through fraudulent representation. Phishing can be initiated via many types of electronic communications and can trick victims into disclosing sensitive information or clicking links that enable scammers to install malware or gain access to data.
You are likely aware of some of these common phishing schemes:
- Email notification requesting bank account information because of supposed changes to the site or the recipient’s account, or scams such as an offer to accept an inheritance
- Electronic communication that notifies the recipient of a package that can’t be delivered
- Urgent-sounding notification from an unrecognized entity that a password has been compromised
- Alert from an unknown agency that the IRS has submitted the recipient’s name to their investigation department
Because these communications often appear to be from a credible and familiar source or even from a personal or professional contact, it is easy to mistake this malicious communication for a valid one. And with a sense of urgency often attached to each attempt, we feel compelled to act fast or risk the consequences.
ENA’s engineering teams are continually testing, evaluating, and implementing new security measures to protect our customers, but education is your first line of defense against these fraudulent practices.
Key steps to educate your team
- Hold sessions on how to identify a phishing email or call with all staff members, including senior staff as they are the most vulnerable to attack
- Use simulated phishing services and training programs to better understand your vulnerability level and target training to your organization
- Alleviate fears of punishment and encourage transparency so you can shut down a compromise quickly
- Make sure your teachers NEVER share any access credentials
- If a common phishing attack is on the loose, inform your users on how to spot it
- Ask that they report any suspicious communications and that they do not click on any unusual or unknown links or call any numbers without prior review
Tips that will limit your organization’s exposure to phishing threats
- Use strong and unique passwords
- Avoid assigning the same password to varying accounts
- Check the sender email before clicking or opening attachments. Many phishing frauds will appear to be from a familiar entity, but the sender email address will not match
- Do not click on any unusual or unknown links, open any unknown attachments, or call any numbers without prior review
- Do not provide sensitive information over the phone or via email to an unverified or unknown requestor
- When in doubt, notify your IT leader/support team
Common phishing red flags to share with your staff
- Subject line says “Urgent” or “Immediate Action” or “Scanned Document 1 of 2”
- Greeting is not personalized with your name
- Content suggests your account has been compromised
- Requests personal information such as your SSN, card number, or PIN number
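The red flags above, together with the sender-address check from the tips list, can also be applied automatically to reported messages. The following is an added example, not ENA code: the sample message, the KNOWN_SENDERS table, the flag names, and every domain in it are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = '''From: "Example Bank Support" <alerts@examp1e-bank.test>
To: jordan@school.example
Subject: Urgent: Immediate Action required

Dear Customer,

Your account has been compromised. Reply with your SSN and PIN to restore access.
'''
# Assumption: display-name keyword -> domain that organization really sends from.
KNOWN_SENDERS = {"example bank": "examplebank.test"}

URGENT = re.compile(r"urgent|immediate action|scanned document \d+ of \d+", re.I)
COMPROMISED = re.compile(r"\b(account|password)\b.{0,40}\bcompromised\b", re.I | re.S)
PERSONAL_INFO = re.compile(r"\b(ssn|social security number|card number|pin)\b", re.I)


def red_flags(raw, recipient_name, known_senders=KNOWN_SENDERS):
    """Return the red flags from the list above found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # The greeting is taken to be the first non-blank line of the body.
    greeting = next((ln for ln in body.splitlines() if ln.strip()), "")
    flags = []
    # Familiar display name, but the address is not on that sender's domain.
    for keyword, expected in known_senders.items():
        if keyword in display.lower() and domain != expected \
                and not domain.endswith("." + expected):
            flags.append("sender-mismatch")
            break
    if URGENT.search(str(msg.get("Subject", ""))):
        flags.append("urgent-subject")
    if recipient_name.lower() not in greeting.lower():
        flags.append("generic-greeting")
    if COMPROMISED.search(body):
        flags.append("account-compromised")
    if PERSONAL_INFO.search(body):
        flags.append("personal-info-request")
    return flags


if __name__ == "__main__":
    print(red_flags(SAMPLE, "Jordan"))
```

A message that raises none of these flags is not thereby safe; the output is a triage aid for the IT team reviewing reports, not a verdict.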
Above all, encourage your organization’s staff to communicate with you and ask questions. Build a culture that promotes cyber-security education and awareness to help mitigate and eliminate phishing vulnerabilities.
About ENA Security Services
ENA’s comprehensive security solutions are specifically designed to protect today’s K–12 schools, higher education institutions, and libraries from crippling and damaging cyber threats and attacks. ENA’s engineering teams are continually testing and developing new methods of discovering and mitigating threats in today’s ever-changing network security landscape. Through sophisticated traffic pattern analysis and strategically placed active policies designed to deny known attack vectors, ENA can limit attack traffic at the edge of our network.