Intelligent SME.tech Issue 07 | Page 22

EDITOR’S QUESTION

OVERALL, WHEN IT COMES TO EMAIL, THE BIGGEST THREAT SMES ARE FACING IS PHISHING EMAILS.

In cybersecurity everything is underlined by policies, and there are two different types of policies that organisations should have in place for email. First is an overall email security policy – an official company document detailing security practices of your organisation’s email system. Secondly, an acceptable use policy – a document stipulating constraints and fair use that a user must agree to before being granted access to a corporate network.

Overall, when it comes to email, the biggest threat SMEs are facing is phishing emails. For example, Deloitte found that 91% of all attacks begin with a phishing email to an unsuspecting victim. Such a high number being attributed to phishing suggests that organisations are not implementing policies effectively nor are their employees being appropriately educated around the threat.

The best practice approach that will help SMEs combat this issue is training. As part of our social engineering assessments on a company, we carry out random simulated phishing attacks on its employees to see who bites. Any employee who is identified to have clicked on a malicious email is then provided with the appropriate training on how to spot them and what to do, and perhaps more importantly what not to do.

In my experience, most of the time organisations have between 60–80% click rate which means that the majority of employees being targeted with these emails are clicking on them. Aside from other forms of social engineering and simulated phishing attacks, another way for organisations to protect against high-risk email threats is to implement a platform to measure and improve the security awareness of employees. In doing this, I’ve seen a company go from a 60% to 3% click rate in 12 months.

When it comes to high-risk email threats, people are the weakest link. In order for SMEs to protect themselves, it’s imperative that awareness training for employees is carried out consistently as hackers are not relenting and a simple (wrong) click of the mouse can result in disastrous consequences for a small business. If your employees don’t get at least a weekly notification of what they need to be looking out for, then it won’t be effective.

KYLE TURNER, CYBERSECURITY LEAD UAE AT A&O IT GROUP
