Why You Should Be Phishing Your Own Employees

By understanding the way users behave and approaching training exercises from an employee perspective, rather than an organisational one, you will revolutionise your security strategies.

Today, email is the number one delivery method for ransomware and other malware. A study in 2015 by Intel Security shockingly revealed that 97% of people around the world are unable to identify a sophisticated phishing email.

What is Phishing?

Phishing is the act of sending emails pretending to be from reputable companies in order to coax individuals into giving out sensitive information, such as passwords and bank details. The criminal practice of phishing dates back to 1996, stemming from hackers who broke into America Online (AOL) accounts by scamming passwords from unsuspecting users.

Cyber criminals view people as the weakest link in an organisation’s defence, as they’re prone to making simple mistakes that compromise security. To prevent breaches, it is essential that you employ effective techniques to strengthen the human element of your cyber security defences and nullify these internal and external threats.

Internal threats can be either accidental (unintentionally sending confidential information to the wrong colleague) or deliberate (a disgruntled employee intent on stealing confidential data).

External threats can include the delivery of malware, such as trojans, viruses and ransomware, to an organisation through phishing emails, as well as accidents caused by events beyond an organisation’s control.

At Bob’s Business, we deliver a comprehensive phishing simulation service to help you combat the ever-increasing threat of phishing emails. Education is at the heart of a phishing simulation: it aims to give employees a well-rounded knowledge of the topic and to introduce simple yet practical changes to daily routines both in and outside of work.

What’s the best way to train employees against phishing threats?

It’s important to understand what makes employees tick when it comes to training and how you can avoid the common pitfalls when rolling out training.

These can include complications such as tedious course content, organisations considering learning to be too time-consuming, or employees simply having no desire to learn.

This can make it difficult for you to implement training strategies to develop employee capabilities and understanding. Likewise, it is important that you set out clear objectives for training campaigns and ensure that all involved are aware of the process and its benefits.

Some training providers simply send out mock phishing emails to the workforce without letting them know of the training campaign. Employees can perceive this in the wrong way, creating an “us vs them” attitude: they misconceive the motivations for the training, believing that they are being tested and scrutinised behind their backs.

This misconception can create a long-term division between employees and the organisation, resulting in trust and communication issues.

Our CEO, Melanie Oldham, advises that simulated phishing campaigns should be applied in a transparent manner so that management and employees are on the same wavelength. Prior to the training, employees should be walked through the process, highlighting how the approach will benefit all involved. Communication creates trust; pointing out to employees that the campaign is designed to educate them on the dangers of phishing, rather than to punish them, builds that trust relationship with each and every employee.

As well as clear communication, Melanie encourages using gamification techniques in a simulated phishing campaign so that employees have the chance to earn rewards, which gives them a greater incentive to apply themselves to the training.

Initial simulated phishing emails enable you to identify any weak points within your human firewall, and those who fall victim to the original phishing emails are redirected to a phishing eLearning module. The training helps users understand how phishing emails are sent, the objectives and goals of phishing emails, and how best to avoid being caught out by them.

Our OSPA award-winning phishing simulation service, referred to as ‘Think Before You Click’, uses the same process. After using the service, some organisations experienced a reduction in click rates for phishing emails of over 75%, considerably reducing the vulnerability of sensitive data within those organisations.
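As an added illustration of the workflow above (example code, not Bob’s Business’ own tooling), the following Python scores a constructed simulation log: recipients who clicked are assigned the eLearning module, click and report rates are computed per campaign, repeat clickers are flagged as the high-risk individuals to focus on, and the reduction in click rate between a baseline and a follow-up run is reported. All event data and function names are constructed for this example.

```python
"""Added example: scoring a simulated phishing campaign (constructed data)."""
from collections import Counter

# Constructed sample log: (campaign, recipient, action).
# A real tracker would record "clicked" from the simulated email's tracking
# link and "reported" from the mail client's report-phishing button.
EVENTS = [
    ("baseline", "alice", "clicked"),
    ("baseline", "bob", "ignored"),
    ("baseline", "carol", "clicked"),
    ("baseline", "dave", "reported"),
    ("baseline", "erin", "clicked"),
    ("followup", "alice", "reported"),
    ("followup", "bob", "ignored"),
    ("followup", "carol", "ignored"),
    ("followup", "dave", "reported"),
    ("followup", "erin", "clicked"),
]


def _rate(events, campaign, action):
    """Fraction of a campaign's recipients whose logged action matches."""
    recipients = [u for c, u, _ in events if c == campaign]
    hits = [u for c, u, a in events if c == campaign and a == action]
    return len(hits) / len(recipients) if recipients else 0.0


def click_rate(events, campaign):
    """Share of recipients who clicked the simulated link."""
    return _rate(events, campaign, "clicked")


def report_rate(events, campaign):
    """Share of recipients who reported the email; a rising report rate is
    the positive signal a campaign should track alongside a falling click rate."""
    return _rate(events, campaign, "reported")


def training_assignments(events, campaign):
    """Recipients who fell for the simulation and are sent to the eLearning module."""
    return sorted({u for c, u, a in events if c == campaign and a == "clicked"})


def repeat_clickers(events):
    """Recipients who clicked in more than one campaign (high-risk individuals)."""
    counts = Counter(u for _, u, a in events if a == "clicked")
    return sorted(u for u, n in counts.items() if n > 1)


def click_rate_reduction(events, before, after):
    """Relative drop in click rate between two campaigns, as a percentage."""
    b, a = click_rate(events, before), click_rate(events, after)
    return 100.0 * (b - a) / b if b else 0.0
```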

‘Think Before You Click’ has received positive feedback from both organisations and their end users. For one client, 22,370 staff completed the animated learning module, which received an approval rate of 80% (with 52% of staff giving an approval score of 100%) despite it not being mandatory. This demonstrates that the approach is beneficial, educational and positive for both the organisation and the employee.

Phishing employees in a controlled environment carries a multitude of benefits. The campaigns reveal vulnerabilities, show where training resources should be dedicated, and ensure that employees are equipped with the information they need for dealing with internal and external threats.

Your workforce is the human firewall protecting your organisation, and testing it for weaknesses and helping to build strong and secure foundations is an essential part of ensuring that security is airtight.

You must ask yourself: would you rather an employee be caught out by a controlled training exercise, or fall hook, line, and sinker for a real phishing scam?


The Bob’s Business Infosecurity Europe Review

Infosecurity Europe is one of the biggest global cyber security conferences and every year the event comes to London for its annual celebration of the best that the cyber security and technology sector has to offer. Bob’s Business made its 7th appearance at the prestigious cyber security event which is hosted at Olympia London over the course of 3 days.

The event brought many established industry leaders and decision-makers to the nation’s capital and we were privileged to meet both old and new friends during our time hosting our stand, conducting live demonstrations and providing in-depth advice about our cyber security and GDPR training modules.

Bob’s Business at Infosec 2018

Ross Black, Business Development Manager at Bob’s Business, said: “This was my first time attending Infosecurity Europe and I was extremely impressed with what the show had to offer.”

“Having started in January this was my first experience of Infosec. It was great to meet lots of cyber security and IT professionals and discuss how we can help them build a more security-conscious workforce through our engaging and vibrant cyber security and GDPR eLearning courses.”

This year, Bob’s Business decided to provide the opportunity for visitors to win a fantastic range of prizes using their intellect and skill. The Bob’s Business booth ran a ‘Crack the Safe’ competition providing visitors the chance to crack the combination for the safe in an attempt to win a selection of amazing prizes worth over £1000, including the latest technology such as Amazon Echo Dots, Virtoba virtual reality headsets and Lego London sets. Across the 3 days we had over 30 winners who were successful in cracking the safe and winning a stack of prizes.

The Bob’s Business Rebrand

We also launched the Bob’s Business rebrand at Infosecurity 2018 to reveal our new look to the cyber security industry. The new look received fantastic praise, with many commenting on the brand new modern look that appeals to clients old and new. The rebrand is intended to help the business achieve its aim of being both professional and quirky, a trait it values as helping it stand out in today’s market.

Infosecurity Strategy Workshops

On day 2 of the exhibition Bob’s Business took centre stage, as our CEO, Melanie Oldham, hosted a presentation in the Strategy Talks section, providing an insightful and impactful talk on positive ways for Chief Security Officers and Senior Technical Officers to train their employees to become more aware of phishing emails and attacks, utilising the Bob’s Business ‘Think Before You Click’ phishing simulations.

Melanie took the audience through examples of successful phishing simulations and training that Bob’s Business has provided and the positive impact they have had on organisations, with some campaigns seeing up to a 75% reduction in the click rate on phishing emails.

This can substantially minimise an organisation’s chances of being targeted for malicious means through high-risk individuals, as individuals learn from their own mistakes very quickly and begin to understand the consequences of engaging with phishing emails. If you’re interested in finding out more about our phishing simulations and training, you can read about the Bob’s Business ‘Think Before You Click’ program here.

How to Run Successful Phishing Awareness Training

After the presentation, Melanie commented: “It’s great to have had the opportunity to speak at such a great event. Being able to share my knowledge, experience and passion for cyber security with so many people is a real pleasure.”

“This year’s Infosecurity Europe has been a massive success for Bob’s Business. We had lots of people visit our stand who were very interested in our cyber security and GDPR courses.”

“It was also really exciting to unveil our new look to visitors, many of whom really liked our refreshed modern branding.”

Melanie’s presentation provided 5 key takeaway points on how to run a successful phishing awareness campaign in a way that will help your organisation learn and conduct itself appropriately when engaging with suspected phishing campaigns.

  • Keep the training simple
  • Human issues need to be addressed with humanity
  • Don’t underestimate the significance of compassion
  • Encourage open, honest and transparent communications
  • Break down barriers to build trust

After the success of this year’s Infosecurity Europe conference we’re already looking forward to next year’s event and we hope to see you there too!