SRC Technologies Debuts Security Awareness Training Service, Helps Wisconsin Business Leaders Prevent Phishing Scams
GREEN BAY, Wis., Feb. 21, 2018 /PRNewswire/ -- Do your employees know the difference between legitimate emails and phishing scams? That's the question SRC Technologies (www.srctechnologies.com), a regional IT infrastructure, data security consultant and managed service provider, is asking midmarket businesses throughout the area - and with good reason. According to security research, 98 percent of cyberattacks today are the result of deceptive social engineering tactics, and email phishing ploys are cybercriminals' preferred method of infiltration.(1) Additionally, two-thirds of successfully installed malware originated as malicious email attachments.(2) To combat these sobering statistics, SRC announced today its new End-User Security Training Service, offering web-based training combined with simulated phishing attacks to help employees recognize and avoid serious cyber threats.
"The most important thing a company can do to prevent a phishing attack is to turn its employees into human firewalls," says Paul Jablonski, a security consultant with SRC Technologies. "People need to learn how to recognize a phishing email and what they can do to protect themselves, both as individuals and as employees, so they won't become a cybercriminal's next victim. The best advice we can give our customers is this: Don't ever think, 'It won't happen to me or my organization,' because it absolutely can, and at some point, it probably will."
Experts say phishing attacks play at least some role in most modern data breaches. In 2017, one of the most notable data breaches in the state took place at the Medical College of Wisconsin. In this incident, the protected health information of an estimated 9,500 patients was exposed when cybercriminals gained access to the email accounts of just a handful of employees during a week-long targeted spear phishing attack.(3) Unfortunately, according to Wisconsin's Department of Agriculture, Trade and Consumer Protection, this scenario is all too common: A bicycle manufacturer, a health insurance provider, a general insurance and reinsurance company, a community planning and engineering firm, a water treatment chemical manufacturer, a records management software firm, a plastics manufacturer, a dental services group, and two school districts were all targeted in the last year alone.(4) And each of these attacks had one thing in common: employees who didn't know how to spot a phish-y email and employers who didn't know how to stop them.
Six Ways to Thwart Phishing Attacks
The SRC Technologies End-User Security Training Service is based on the industry-standard KnowBe4 platform that helps train employees to spot suspicious emails and tests their knowledge with periodic simulated phishing attacks. To help Wisconsin business leaders learn to thwart phishing attacks, SRC's Jablonski offers these six tips:
1. Create a Human Firewall: Cybercriminals are getting smarter and more
sophisticated every day, and the only way to combat them is by training
employees to question suspicious emails and by arming them with
information about the ways criminals use email, websites and social media
to engineer their attacks. If an email asks the user to "click here" to
reset their password, but it isn't formatted like others from the same
organization, question it. Hover over links and see if they have
suspicious URLs or domain names. Training employees to look critically at
requests delivered via email before they act on those requests is a must
for any corporate security strategy.
2. Stop Sharing So Much: Yes, our mothers all told us that sharing is good -
but that's not necessarily true when it comes to social media. Spear
phishing attacks are a very targeted kind of attack in which the criminal
gathers information about an individual or a company by either lying in
wait on a legitimate website in the form of an enticing pop-up ad, or
more often, by using what is posted on the victim's social media accounts
to snare them with a sophisticated social engineering-type phishing
attempt.
3. Common Sense is the Best Defense: Everyone knows you're supposed to
change your password frequently - but that doesn't apply to your
employees, right? Wrong. It's important to have strong passwords and to
change them regularly, and it's equally important for employees to choose
unique passwords they haven't used in multiple places. To ensure
employees are adhering to these standards at work, institute a password
policy and enforce it.
4. Design a Validation Process: When businesses communicate with their banks
via email, for example, it's easy for a cybercriminal to spoof those
communications and ask for a money transfer or other sensitive
information. Even if an email looks legitimate and appears to be coming
from an authorized source, anyone on the receiving end of such a request
should be trained to authenticate it via a second source; if the request
came via email, text or call for validation before taking any other
action. Following a multichannel validation protocol embeds an extra
layer of security into the communication process.
5. Update Your Systems: It's easy to fall behind in operating system
upgrades and patches - but it's important not to do so. Patches and
updates eliminate known issues that provide security holes for
cybercriminals. Failing to upgrade or implement patches leaves the
organization unnecessarily vulnerable to older attack vectors that an
upgrade would easily provide protection against.
6. Don't Take Security for Granted: No individual is immune, and no company
is completely safe from a phishing attack. Whether your organization is
specifically targeted or used as a stepping stone to a larger partner,
supplier or customer, it can happen to you. And without the proper
employee training, spotting phishing and stopping it in its tracks will
only get harder along the way.
Says Jablonski: "It's up to each of us as individuals and business leaders to learn how to recognize these attacks and avoid them." But does security awareness training work? According to tests performed after using the KnowBe4 platform, the answer is a resounding "Yes!"
Studies based on a massive data set of six million users across 11,000 organizations demonstrated that security awareness training lowered the percentage of "phish-prone" employees - those apt to engage in "careless clicking" - from an industry average of 28 percent to 13 percent - less than half - within 90 days of beginning the program; after one year, that number decreased to just over 2 percent.(1)
Learn More
-- Need someone to execute, review and manage your employee security
awareness training? Download a datasheet to learn what SRC can do for
you: http://ow.ly/Vq2c30ihbuC.
-- If you're looking for a new security model that accepts the guaranteed
threat of attack and focuses on a way to address it, explore SRC
Technologies' security offerings: http://ow.ly/jRsv30ih8pe.
-- Too busy thinking about profitability, competition, cash flow and sales
performance to devote time to IT infrastructure and security solutions?
Learn how SRC can help you find the right balance:
http://ow.ly/VEAS30ih8KE.
About SRC
SRC Technologies, a regional managed service provider (MSP) headquartered in Green Bay, Wisconsin, offers IT infrastructure and data security consulting and management to midmarket organizations. For nearly a decade, SRC has focused on exceeding client expectations by delivering targeted, responsive solutions and services that meaningfully improve business performance. Through strategic partnerships with Cherwell, Datto, Dell EMC, Kaspersky, LogicMonitor, LogRhythm, KnowBe4, and EventTracker, SRC ensures client infrastructures are secure, available and operating at peak performance. For more information, visit www.srctechnologies.com.
Media Contacts:
Karen Franse, Communication Strategy Group for SRC Technologies
kfranse@gocsg.com
866-997-2424 x222
www.gocsg.com
Arthur Germain, Communication Strategy Group for SRC Technologies
agermain@gocsg.com
866-997-2424 x101
www.gocsg.com
(1 )Press Release (January 23, 2018): KnowBe4 Unveils New Phishing Benchmark Data and Showcases Most At-Risk Industries
(2) Verizon 2017 Data Breach Investigations Report Executive Summary
(3) HIPAA Journal article (November 21, 2017): 9,500 Patients Impacts by Medical college of Wisconsin Phishing Attack
(4) State of Wisconsin, Department of Agriculture, Trade and Consumer Protection: Data Breaches Archive
View original content with multimedia:http://www.prnewswire.com/news-releases/src-technologies-debuts-security-awareness-training-service-helps-wisconsin-business-leaders-prevent-phishing-scams-300601500.html
SOURCE SRC Technologies
