Don’t take the bait...

Your computer chimes with the familiar notice of a new email. You navigate to your inbox and see that the message is from the CEO of your company. You notice their last name is one letter off and think, ‘that is a bit strange, must be a fluke,’ and proceed with opening the email. As you scan the contents, your heart begins to race: your CEO expresses his urgent need for a $500 gift card and notes that you’ll be reimbursed immediately if you can reply to the email and send the money right now. You love your job...you need your job...$500 is a lot of money, but with moderate hesitation you send the gift card. You've just become the victim of a classic phishing swindle.


Got any breaches? Go phish.

An astounding “91% of successful data breaches started with a spear phishing attack”. Moreover, “30% of data breaches are caused by repeat offenders from within the organization”, according to KnowBe4. No hooks or fish were involved in the making of this statistic: spear phishing is the act of fraudulently sending emails from a seemingly trusted author to trick the recipient into revealing sensitive information.

Find out what percentage of your employees are Phish-prone with a FREE Phishing Simulation.

Rogue clicks sink ships.

Many individuals would not realize the impact one click can have on their entire organization. 34% of businesses hit with malware take a week or more to regain access to their data*. Imagine putting your entire operation out of commission for over seven days. The revenue loss would be startling, the guilt insurmountable.

How can your company stop a detrimental cyber-attack before it has the chance to ravage your data? Education is a crucial step in moving to a more secure environment. Implement internal technology regulations and required cyber security training on a regular basis to proactively prevent attacks. Identifying the common signs of a phishing attempt should be part of every employee’s repertoire. This process can seem daunting. Where do you start? Performing a phishing simulation on your organization is a viable option.

Phishing is a team sport.

Start with some simple steps to get your program off the ground:

  1. Initial testing – assess the results of your first phishing simulation to establish a baseline of who took the bait and who did not
  2. Start training – whether it’s in-person seminars, on-demand videos or written assessments, put a training routine in place and be consistent
  3. Regular phishing simulations – start sending your team periodic phishing emails with an option to report said attempts to your IT team
  4. Repeat steps 2 and 3 until you’ve gathered enough data to analyze. Identify your weakest links and consider supplemental training or disciplinary action.

Interested in a free phishing simulation trial? Let us know! Happy phishing! (Simulating phishing, that is)

Author

Anthony Brown

Tony leads the Information Technology and Security Teams to facilitate the success of our clients and the enterprise through technology. His team has responsibility for providing consultative infrastructure support to those clients using our products on-premises, our data centers supporting our hosted clients, and enterprise infrastructure and solutions, in addition to cyber and physical security. He brings 40+ years of deep and varied technology experience, having spent over 30 of those years with some of the largest RCM organizations in the USA leading technology, privacy, security, and operations. He is a Certified Computing Professional and holds degrees from Delta College and Northwood University in Computer Information Management.