In the Phishing Test Report – Ep 290 of The Help Me with HIPAA podcast, Donna and David explain just how often and how easily owners, employees, teachers and people in general fall for phishing emails. Phishing is the easiest way the bad actors can gain access to a computer system and wreak havoc on your business.
In 2020, Terranova Security published their Gone Phishing Tournament report. This report gives cyber security and risk management leaders real-world phishing benchmarking data and lets organizations see how their click rate stacks up against their peers by industry, organization size and geographical location. The long and short of it is, if you can’t stop people from clicking, you are going to have a security breach really soon. Even David admits that IT companies are not the best at avoiding phishing scams. That alone should make a business owner take notice and try to figure out how to prevent their employees from becoming victims of a phishing attack. Oh, and by the way, NONE of Donna’s employees failed the Gone Phishing Tournament! They are awesome!!
What can you do to at least start protecting your business from a phishing attack? Yes, Security Awareness Training. Does that mean just once-a-year training? David is yelling NOOOOOOO, stop kidding yourself into believing you can tell your employees anything once a year and they will remember to do it or not to do it. Training needs to become a part of your culture. Even if you take a security training topic that only lasts 5 minutes once a week, you will create a culture of security that might just help save your business.