We have previously written about how phishing attacks are rising and the increased risks that working from home brings, and shared with you a Google quiz to test whether you can spot phishing bait. Today we are going to share a case study of how we helped Client X by setting up a phishing simulator and associated reports (identity hidden for security reasons).
Phishing is an entry point for ransomware attacks and is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details. Typically carried out by email spoofing, it often directs users to enter personal information on a fake website, the look and feel of which are identical to a legitimate site.
Every employee is a potential phishing target - from CEOs and finance teams, who are the gatekeepers of corporate funds, to HR and legal teams, who deal with personal data and bank account details, IT staff, who have access to sensitive information, and administrators, who often assist the whole business.
Client X is ISO27001 registered. ISO27001 is an international standard on how to manage information security. It confers certain obligations onto its members and therefore Client X has strict procedures and practices to follow.
Client X holds valuable customer data and has an obligation to be as secure as possible. Shadowfax strongly recommend an anti-spam/anti-virus and anti-phishing product such as Barracuda to all of our clients. Due to ISO27001 requirements, Client X needed extra protection.
Client X needed to regularly simulate phishing attacks and have reports on how staff reacted to them - would anyone be complacent and click the bait?!
Shadowfax set up a regular 2 monthly schedule which included monthly phishing simulation and monthly reporting stating which, if any, staff clicked on bait and how staff generally reacted to the email - by tracking those who deleted it and those who forwarded it. The phishing simulation is conducted regularly to keep a close check on staff and swiftly identify any shortcomings, which helps show who would benefit from additional training and where this training needs to focus.
Prior to any phishing training, the average company has a phishing attack failure rate of 40%, though this does vary per industry. 90% of ransomware attacks and data loss start with a phishing attack, so it is very important to put software in place to prevent them and also to incorporate regular training for those using email.