Decrease Successful Hacks by Improving Your Weakest Links
Companies spend millions on technology security annually to keep their virtual doors and windows locked. This investment is a huge waste of money if they haven’t adequately trained their employees to keep these doors and windows secured. Because of this oversight, employees can become the weakest link in an organization’s cybersecurity posture.
This isn’t an article that dredges up yet another story of an attack or lectures you about what you need to do to prevent an attack. Not everything in the cybersecurity world is doom and gloom. Instead, this article celebrates a company that strengthened its weakest links in a matter of a few months and for a relatively small investment.
XYZ company handles Personally Identifiable Information (PII) such as SSNs, credit card numbers, and dates of birth. This is the type of data hackers like to steal because they can use it to steal your identity or sell it on the dark web. Increasingly, hackers are also holding data for ransom, attacking police departments, small businesses, hospitals, and individuals, to name a few. WannaCry is one of the latest versions of this type of ransomware attack. Like a lot of companies, XYZ is a small business and doesn’t have endless resources to put towards technology and training. Sound familiar?
XYZ enlisted OCD Tech to significantly reduce how often their weakest links, their employees, fall prey to nefarious emails. XYZ ran an annual security awareness program that had limited success right after training. However, several months later, the weak links started reappearing, and employees were again selecting links in emails from bad actors. For this reason, XYZ needed a solution that would keep the number of weak links at a minimum throughout the entire year, not just shortly after training.
OCD Tech implemented a “drip” phishing campaign that sends periodic phishing emails to a few people at a time. These emails vary from employee to employee and get harder for employees who don’t get caught by the phishing email. The emails also incorporate themes such as the holidays, when everyone is getting FedEx, UPS or Amazon packages, and are constantly updated based on world events or the latest cybersecurity news.
The company received training from OCD Tech before the phishing program started. Even though the employees at XYZ knew the phishing emails were coming and how to detect them, 25% of the employees fell prey to phishing. However, in a few months, the number of people selecting the malicious link had dropped to low single digits. XYZ has consistently maintained a 1% to 2% hit rate.
The employees who are still falling prey to the phishing emails are informed immediately that they clicked on a link that they shouldn’t have. In addition to the immediate feedback, employees are given an online tutorial designed to change their behavior so they don’t continue falling prey to the phishing emails.
Contact OCD Tech if you would like to learn more about this training and phishing software, so you can significantly reduce the number of windows and doors your employees open for hackers.