Cyber security is a major component of Mytech’s pledge to Make IT Easy for our clients. We use multiple solutions to maximize protection for our clients – from hardware to security patches to custom-built software – but those protections can only go so far.
Last year, 94% of malware was delivered via email. And all the software and hardware in the world can’t prevent a single employee from opening a convincing email, ignoring the security pop-ups, disabling a blocker, and introducing malicious software into your network.
Hackers are all too aware of this, but many employers aren’t. In fact, only one third of organizations see careless or unaware employees as a security vulnerability. Security patches, hardware, and other tools are certainly still necessary, but a comprehensive cyber security strategy must include measures to protect you at every link in the security chain.
As part of our SmartBusiness™ Suite Managed IT Solution – and as a recommended add-on for our other IT services – Mytech offers a monthly multi-part email campaign designed to both train and test your employees’ security skills.
By developing employees’ knowledge of current phishing and social-engineering cyberattacks, Security Awareness Training will routinely shore up your defenses in this crucial aspect of your security strategy. Unlike many MSPs, we don’t see this education as optional – we believe security-savvy employees are a cornerstone of your protection, not an added bonus.
Every month, we send out a training email that covers one of many security topics. These topics can range from broad explanations to a list of best practices. Others will ask participants to consider the strength of their passwords, or their social media presence and vulnerability, to name just a few.
We do our best to send topics that are broadly applicable to most industries, and unique from previous months’ modules. Trainings are no longer than 15 minutes, and we highly recommend that you make training mandatory for your employees. The security landscape changes constantly as new phishing strategies emerge, so a simple trainer video at hiring isn’t enough — it’s important to keep all of your employees up to date on their security training.
Of course, at some point you have to test that knowledge. To prove that your employees understand the tenets of cyber security, we send out a spoofed phishing email campaign every month. These campaigns will imitate real phishing emails, and will take a new form every time, but will never feature actual malicious content.
Anyone clicking a link in these phishing campaigns will be brought to a “gotcha” site that explains the security breach they just (hypothetically) committed. In addition, we record which members of your organization interact with the email each month (either “catching” it or “falling for” it), which you can use to keep informed and target your training.
Real phishing emails don’t play fair. They’ll often target sensitive issues: holiday bonuses in December, tax alerts in April, COVID-19 test updates, stimulus checks…the list goes on. Hackers will use whatever works, and they don’t have any reservations about poking touchy subjects.
Though we never set out to exploit sensitive topics, actual malicious campaigns certainly will. The question isn’t “if” you’ll receive a convincing, topical phishing email — the question is “when.” By keeping your team members prepared, you’ll ensure that they’re ready to catch those attempts that sneak through, and keep your organization secure.