Cyber security is a major component of Mytech’s pledge to Make IT Easy for our clients. We use multiple solutions to maximize protection for our clients – from hardware to security patches to custom-built software – but those protections can only go so far.
As part of our SmartBusiness™ Suite Managed IT Solution – and as a recommended add-on for our other IT services – Mytech offers a monthly multi-part email campaign designed to both train and test your employees’ security skills.
The primary contact at your organization will receive a notification email before either of these campaigns is sent to your team – usually at least 24 hours in advance.
If there is anyone else you would like to be notified, please work with your account manager to ensure they are added. We recommend limiting who you choose to alert, as it may skew the results.
Every month, we send out a training email that covers one of many security topics. These topics can range from broad explanations to a list of best practices. Others will ask participants to consider the strength of their passwords, or their social media presence and vulnerability, to name just a few.
The security landscape changes constantly as new phishing strategies emerge, so a simple trainer video at hiring isn’t enough — it’s important to keep all of your employees up to date on their security training.
Your team will receive an email from one of our security awareness training partners, with a link to the training module. The link in the email is unique to each team member, so please do not forward the email to others.
Trainings are no longer than 15 minutes, and we highly recommend that you make training mandatory for your employees.
We do our best to send topics that are broadly applicable to most industries, and distinct from previous months’ modules. Each training will feature a video or interactive presentation that will demonstrate and educate your team on how to safeguard themselves from different forms of social engineering, spear-phishing, and ransomware attacks.
At the end of each module, your team will take a short quiz to ensure they understood the lesson. If a team member earns a passing score, they will receive a certificate of completion.
Measuring individual and overall success is key. We keep track of user participation and training completion to ensure each team member is taking the time to educate themselves about the current security threats.
Training reports are available to show user progress and to meet compliance regulations.
Of course, learning about something isn’t enough – at some point, you have to test that knowledge. To prove that your employees understand the tenets of cyber security, we send out a spoofed phishing email campaign every month. These campaigns will imitate real phishing emails, and will take a new form every time, but will never feature actual malicious content.
These phishing emails are sent at different times each month, to keep the test unpredictable. However, we will never send a phishing test in the first 30 days of our service start with a new client – we don’t want to overwhelm you with too many surprises right away!
Prior to sending the spoofed phishing email to your team, we will send the email details to the primary contact at your organization so that you will be able to identify it as part of the Mytech SecureWorker™ phishing test.
We will provide the address the email will appear to come from, the subject line, and an image of the content.
For the best results we recommend that you DO NOT alert or warn your team, as it will skew the results.
We will then deploy a ‘fake’ phishing email to everyone in your organization. The objective is to make your team aware of all the different ways they can and will be ‘phished’. No one is immune to being tricked, and malicious actors often use current events and scare tactics in their attempts to get a user to click bad links. These emails will challenge your team to think critically and exercise caution when clicking on any email, link, pop-up, etc. We simulate a real-world scenario with no consequences to prepare them for malicious actors.
Anyone clicking a link in these phishing campaigns will be brought to a “gotcha” site that explains the security breach they just (hypothetically) committed. In addition, we record which members of your organization “fell for it,” which you can use to bolster your own policies and target your training.
They’ll often target sensitive issues: holiday bonuses in December, tax alerts in April, COVID-19 test updates, stimulus checks…the list goes on. Hackers will use what works, and they don’t have any reservations about poking touchy subjects. Our phishing tests must prepare employees for this kind of attack.
Though we never set out to exploit sensitive topics, actual malicious campaigns certainly will. The question isn’t “if” you’ll receive a convincing, topical phishing email — the question is “when.” By keeping your team members prepared, you’ll ensure that they’re ready to catch those attempts that sneak through, and keep your organization secure.
For each phishing email campaign, we record which members of your organization “fell for it”.
By understanding how well your team identifies these potentially dangerous emails, you can strategically bolster your own policies and target your future training.
If you have further questions about Security Awareness Training, its function, or its deployment, please feel free to ask. Our goal is preparation, and we want to ensure you have full confidence in your employees’ readiness to resist security breaches and keep your organization secure.