Skip to main content

Employees may not always be to blame for phishing scams

(Image credit: Image Credit: wk1003mike / Shutterstock)

Properly teach your employees to spot phishing threats, and they will be your impenetrable wall of defence. This is the essential conclusion of Cofense’s 2019 Annual Phishing Report, which argues that while employees are considered the weakest link in the phishing attack scenario, they can be a strong line of defence, if properly trained.  

“Security practitioners need to repudiate the common misconception that end users are the weakest link in organizational defence,” said Aaron Higbee, cofounder and chief technology officer, Cofense.

“In fact, employees are the last and ultimate line of defence.”

Thee are three ways organisations can tighten their security, and Cofense has condensed them into these ideas: Reporting, Fequency and Relevance.

Reporting revolves around the idea that employees have an easy and straightforward way to report suspicious emails. Frequency is all about regularly simulating phishing to improve reporting rates and drive down user susceptibility. For Relevance, Cofense says that simulation which imitate real-life phishing lead to higher reporting rates.

Phishing is one of the most popular cyberattack practices, in which hackers try to trick employees into downloading a virus or visiting a malicious website. They do that by sending a legitimate-looking email in which they pretend to be someone else, like their bank, their boss or friends and family.

These emails almost always have a link, or an attachment, which the victim can click and download. The best way to stop phishing and the subsequent cyberattacks is to teach people to spot impersonators and fake emails, and to make sure they don’t click email links or downloads unless they are 100 per cent sure of their authenticity.

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.