MSP Success Magazine Special Edition: Lisa & Brian Johnson | Page 21

"APPROXIMATELY 97% OF EMPLOYEES ACROSS MULTIPLE INDUSTRIES CANNOT RECOGNIZE A SOPHISTICATED PHISHING EMAIL."
Email security is another essential tool to combat cybercriminals. Solutions that offer warning banners and flag suspicious emails allow users to quarantine or mark the message safe with one click. Compromised passwords can open the door to cyberattacks. An identity and access management (IAM) tool can combine single sign-on (SSO), multifactor authentication (MFA), and password management into one integrated solution. Another option is passwordless authentication, which reduces security risks associated with passwords. It works by authenticating a user’s identity using biometrics, such as fingerprints, and one-time passwords that require users to input a code that is provided to them via email, SMS, or an authenticator app.
Finally, an organization is only as strong as its people. Security awareness training is no longer a “nice-to-have.” It is a necessity, and one that can be offered by MSPs as a service. By increasing security awareness, an organization can reduce its chance of having a cybersecurity incident by up to 70%. Security awareness training should be offered when onboarding employees. After that, phishing campaigns should be carried out monthly, since research shows that trained employees start losing what they learned at 4–6 months after each session.
CHANGING MIND-SETS IS PART OF THE STRATEGY
It’s hard to argue against cybersecurity training, given the threat landscape, but it can be burdensome. For this reason, many organizations and their employees may not prioritize it, or they’ll skip it altogether. The opportunity for MSPs to offer this training is ripe, with the easy sell that a cyberattack can result in lost revenues, damage reputations, compromise data, cause operational disruptions, and even lead to lawsuits.
To engage employees in company training so they don’t see it as a chore or task, it needs to be simple. Training should be delivered in easy-to-communicate content, such as videos. The ideal time frame is 15–30 minutes to ensure maximum retention of what was learned. When it comes to compliance topics, there may be a lot of ground to cover. Rather than making trainings longer, they should be broken up into two or more segments. Whatever the subject matter, training should always be focused on one main idea and provide sample scenarios where participants are asked questions to test their knowledge of best practices.
Another thing to keep in mind is that there are many types of cybersecurity training that target various aspects of security.
Topics such as clean desk policy, strong password practices, and how to avoid phishing scams would fall under training for protecting passwords, while data privacy would cover privacy risks and secure connections. Other useful training topics range from physical security to cybersecurity threats such as ransomware, account takeover, and business email compromise, among others. With many employees still in remote or hybrid work scenarios, mobile security training is equally critical, teaching employees how to secure their mobile devices and educating them about Wi-Fi security, device management, and backups as they pertain to mobile.
Phishing is not going anywhere, and attacks are only getting more sophisticated. There is tremendous opportunity for MSPs to help their clients with their cybersecurity strategies and solutions. It’s more important than ever to be aware and stay on top of the latest threats to best advise and protect clients as well as your own business.
PHISHING AT A GLANCE
• 1 in 3 employees are likely to click the links in phishing emails.
• 1 in 8 employees are likely to share information requested in a phishing email.
• 60% of employees opened emails they weren’t fully confident were safe.
• 45% click emails they consider to be suspicious “just in case it’s important.”
• 45% of employees never report suspicious messages to IT for review.
• 41% of employees failed to notice a phishing message because they were tired.
• 47% of workers cited distraction as the main factor in their failure to spot phishing attempts.
Manoj Srivastava is the general manager of security for Kaseya’s ID Agent and Graphus companies. He is the cofounder and former CEO of Graphus before it was acquired by Kaseya.
Learn more about how to prevent phishing attacks by visiting Graphus.ai or IDAgent.com.