According to the Federal Bureau of Investigation, in 2021 there were 847,376 malicious cyber-attacks. Of those, 323,972 were phishing and vishing attacks. In a phishing attack, a nefarious individual or group tricks an employee into revealing sensitive information through electronic communications; vishing does the same over the telephone.
Why Phishing & Vishing?
The goal of these attacks on an organization is to:
- Steal your money
- Damage your reputation
- Access your intellectual property
- Disrupt your operational activities
- Create a negative effect on your culture
While phishing and vishing make up only 40% of all data breaches, these data breaches typically occur through individuals. Therefore, it is critical to have workforce cybersecurity training in place to limit phishing and vishing data breaches.
How to Train Your Staff to Recognize Phishing & Vishing
Training should be ongoing and frequent, and it should reach 100% of your workforce. Otherwise, you run the risk of exposure through your weakest link, which is the primary target of attackers.
Think of fire drills. Everyone in your organization should know what to do in the event of a fire. Several businesses, like hospitals, are required to have regular fire drills to gauge their effectiveness and define areas for improvement. Phishing and vishing training is no different, especially for new employees. It should be an important part of the onboarding process as well as continuing education.
It is recommended to segment your workforce into groups to adapt the training to their specific workflows. Employees respond differently to various schemes. Creating realistic attack scenarios tailored to their work environments is the best way to educate your employees. It is estimated that one in every five employees, at all levels, is a “serial clicker”: someone who repeatedly opens and downloads attachments without thinking. The good news is that ongoing and frequent training can make a positive change in the behavior of these individuals.
Why Is Regular Cybersecurity Training Important?
Phishing and vishing tactics are constantly evolving. It is critical to keep your employees up to date on the latest threats. Train them to be wary of anything that doesn’t seem legitimate or is a change from normal operations, and to report it to superiors and/or information technology staff immediately.
No matter what your organization’s size, it can be a daunting task to try to run an ongoing and frequent training program such as those described in this article. It is recommended you select an automated training solution from a third-party vendor that not only covers phishing and vishing but other areas of potential data breaches.
Who Can Help My Company Train for Phishing & Vishing Attacks?
Our cyber-security experts at The Whitlock Co. can do a phishing and vishing test of your organization and make recommendations to you for ongoing organization training. Give us a call today at (417) 881-0145 to see how we can help.