Up all night

“Just knowing my company was using a phishing simulator stopped me from opening emails I had doubts about,” said an employee of a business using Bryley Email Phishing Simulator.

Bryley Email Phishing Simulator tests employees by staggering the delivery of phishing-like emails, to help users develop vigilant behavior. “Why risk [opening] it?” the same employee added, “I don’t want to end up an example at the next meeting.”

According to IBM’s Cost of Data Breach Report,[1] a single human error was responsible for about twenty percent of data breaches. So a negligent employee is a tangible threat to your business’ data. And the threat tactics keep morphing, pretending to be from one company then another and changing the kinds of appeals or preying on different fears. Criminals are also clever enough to rarely send the same phishing email to more than one employee of a business. There’s only one answer to try to stop your employees from compromising your data: regular security awareness training that keeps up their ability to recognize current criminal tactics.

Employees may jeopardize the security, integrity or accessibility of your business’ data through:

  • Password reuse: Reusing the same password for multiple accounts is a common habit among employees. Unaware of the security consequences, the average employee uses the same password across an average of five account logins, both personal and business, according to Ponemon research.[2] This is also a good argument for instituting a company-wide password management solution with single sign-on, like Bryley Password Manager.
  • Falling for phishing scams: An untrained employee may find it more difficult to detect criminals’ deception. This can lead to leaks of sensitive business information.
  • Other accidental sharing and exposure: A moment of carelessness can lead to an employee sending data to a cybercriminal, for instance on a website form or after receiving a request over the phone. Again, sensitive business data may end up in the wrong hands.

The criminals consider wresting our data to get at our money their full-time job. So how can we do less than develop a security-focused culture within our organizations through comprehensive and continual security awareness training? Employees consistently exposed to security awareness training are more likely to follow cybersecurity best practices,[3] helping ensure data is not unduly exposed.

Where Have You Gone Robbie Ninkovich?

In 2020, after a ransomware attack, fifty-six percent of businesses did not pay, but recovered data from backups.[4] Glad that many could do that. But even in the best-designed backup implementations (and I’ve written about Bryley’s enterprise-class backup strategy with its minimal downtime through the use of both a local device and the Cloud) there is always a cost to rebuilding a system. There is always time and expense to restore every user to where he or she was before the catastrophe. And how close was the restore-point to the actual time of the breach? Some work was almost definitely lost at each of these businesses.

Think of your backups as your corners and safeties – hanging back in case something gets past the front defenders. Backup is your last line of defense. A lot of businesses that relied on their backups could have avoided the damages inflicted by the ransomware attacks if they had better prepared their defensive line, their employees. Sans.org reports that businesses invest ten to twenty times as much in their machines as they do in training their people to use the technology, including training them to recognize a ransomware threat.

Bryley can help you implement a comprehensive data protection plan that incorporates employee training and data backup solutions, enabling your business to avoid data-loss events that can jeopardize its future. Because even when the data is recovered, ransomware is still a catastrophic event, and sixty percent of small- to medium-sized businesses fail within six months of suffering a ransomware attack.[5]

Regular Training Limits Our Dependence on Backups

Cybercriminals are expert at exploiting events to scam us. COVID has given hackers new opportunities to find loopholes left unaddressed by companies switching to remote/hybrid-work models – models for which most were not prepared. Because of this, incidents of phishing and ransomware are higher than ever. By mitigating the human errors that often play a part in data-loss or -corruption, you can help lessen the costs and consequences that could impact your business’ future. That’s why deploying a business continuity and data recovery strategy that incorporates security awareness training with your backups is a best-practice defense that gives your business its fighting chance.

Consider Bryley Email Phishing Simulator

Bryley Email Phishing Simulator is a program of simulated phishing emails. Bryley Phishing Simulator tests employees by sending randomly-timed phishing-like emails. As simulations are sent out, managers can track the number of clicks on phishing emails. Reports also show you who needs further training. The program includes a series of training videos. Phishing simulation training can help ensure the security of your data by helping employees learn so they don’t fall for a real phishing attack.

Contrast Bryley’s approach of ongoing email phishing simulations with the typical approach of bringing in a trainer for a seminar. Seminars give a bump in awareness about the given subject-matter. But this bump is followed by a quick decline over months. And there is little long-term effectiveness. Harvard Business School’s Michael Beer said, “some studies have shown that only ten percent of corporate training is effective … companies are not laying the proper groundwork to get the most out of what is being taught.”[6]

The “proper groundwork” is the reason behind ongoing training programs such as Bryley provides. Bryley Email Phishing Simulator is updated to reflect the current month’s phishing trends, so the emails are based on what employees will likely see in the wild, and it delivers test emails throughout a designated campaign period. Its regularity changes people’s behavior.

Look Alive Out There

Because criminals’ ploys keep changing, a business needs to adopt a constant approach to its employees’ training. Bryley can help you develop your strategy for ongoing, consistent training. Bryley has the expertise and tools to train your staff to lower the risk that your organization will suffer a breach. Security awareness training empowers your employees to detect and respond appropriately to cyberattacks. Because of this, your business will improve its emphasis on prevention and contribute to your culture of attentiveness. Bryley Systems has been a trusted adviser in securing technology since 1987. If you would like more information about Bryley’s approach to security awareness training, please call 978.562.6077 or email ITExperts@Bryley.com.

[1] https://www.ibm.com/downloads/cas/QMXVZX6R

[2] ibm.com

[3] Kaseya

[4] Kaseya

[5] https://www.inc.com/amrita-khalid/ransomware-hackers-crime-cybersecurity-tips.html

[6] https://www.forbes.com/sites/hbsworkingknowledge/2016/07/25/companies-waste-billions-of-dollars-on-ineffective-corporate-training/?sh=11eede134d22