Three Tips for Reducing Risk

Phishing and smishing threats are likely to persist for years — if not decades — to come. But
the risk you face from these threats depends on your infrastructure and your employees. Our
Continuous Training Methodology takes a unique, 360-degree view of cyber security education.
One-and-done methods and once-a-year mammoth videos and presentations aren’t as effective
as our interactive approach, which delivers “bite-sized” training about specific topics. Education
that is delivered at regular intervals and in digestible chunks builds a culture of awareness,
changes user behaviors, and keeps cyber security top-of-mind for employees year round.

Consider this: If you aren’t helping your employees identify the hallmarks of suspicious email
and text messages, they are almost certainly putting their personal information and your
systems at risk. As you weigh the benefits of effective security education, use these three tips to
get on the path to risk reduction:

Think before you click – One of our customers’ IT security officers told us that a targeted
training goal was to have their employees pause before they interacted with a new message.
“We felt that if we could gain a second or even a half of a second pause between the moment
when an employee sees a link or a file and the moment when he clicks, in that gap lies the
opportunity for a thought process in which the user ultimately decides, ‘Maybe this isn’t safe.
Maybe I shouldn’t do this.’” The customer gained that advantage and then some, reducing
malware infections by 42% using our methodology.

Don’t be afraid to follow up – A message can look and even sound legitimate but still set off a
warning bell. For example, an email that comes from a corporate IT address and tells you to
download new security software can seem trustworthy; it appears real and is on topic. But would
that really be the process your IT department would follow? It takes just a minute to confirm a
questionable message with the sender, whether it’s a coworker, internal department, or financial
institution.

Report suspicious messages – Fraudsters will often send the same message to hundreds or
even thousands of accounts. It’s not uncommon for numerous people in a company to be
included in a single attack. If you suspect an email or text is malicious and is targeting corporate
or personal information, report it to your IT department. This could help identify a problem early,
before unsuspecting users expose themselves and your organization to dangers.

About the Author

Joe Ferrara is the President and CEO of Wombat Security Technologies. Recently Joe was a
finalist for EY Entrepreneur Of The Year Western Pennsylvania and West Virginia and received
a CEO of the Year award from CEO World. Joe has provided expert commentary and has
spoken at numerous information security industry events including RSA Europe, the CISO
Executive Network forum, ISSA International, and many regional information security
conferences. His security awareness articles have been published in Network World, CSO
magazine, TechWorld, FierceCIO, Computerworld, and many others.


Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
