Jonathan Crowe
Jul 2016

The Phishing Field Guide: Protect Your Users by Thinking Like a Phisher (eBook Sneak Peek)


We love talking with IT pros about security, and one question we always ask is: What's your biggest security challenge right now?

The top two answers we get (by far) are:

  1. Users
  2. Phishing


That probably doesn't come as much of a surprise. Users have long been considered part of the "soft, chewy center" that makes organizations most vulnerable to attack. And their tendency to click on phishing emails is a big reason why. 

Phishing emails account for the #1 and #3 delivery vehicles for malware (see the chart below). Combine that with the fact that the average spear phishing attack costs companies $1.6 million, and it's clear why the threat of getting phished keeps so many security and IT pros up at night.

[Chart: Top 5 malware delivery vehicles]

Source: Verizon 2016 DBIR


What is somewhat surprising is just how successful phishing campaigns are. Doesn't everyone know not to respond to that email from exiled Nigerian royalty promising fortune and glory?

The problem is phishing emails have become much more convincing. For starters, they can be expressly customized, even going so far as to pull in information from the target's social media profile in order to make the message more relevant and credible.

This past spring, employees at over 50 companies (including SnapChat and Care.com) fell victim to spear phishing emails where criminals successfully impersonated the CEO in order to obtain copies of employee tax forms. 

1 in 5 employees who receive a phishing email will respond to it. Who are the people most likely to be phished in your company? And how can you keep them safe?


To get a better understanding of why spear phishers target who they target, you need to learn how to think like them. And to develop better ways of educating your users, you need to be able to put yourself in their mindset, too. 

To help you do that, we've developed a new eBook we're calling the Phishing Field Guide: How to Keep Your Users Off the Hook.


Our new eBook will help you protect your users by teaching you how to think like a phisher.
Download it here.

It's written to help you understand why specific users in your organization are being targeted, what makes them susceptible to phishing in the first place, and what types of tricks they're falling for. Once you have all that information we think you'll be much more effective at teaching them how to avoid taking the bait.

You can download a free copy of the guide here (there are also a few fun bonus features included in the download that we think you'll really like).

Keep reading to get a sneak peek of the guide below!

5 Things You'll Find in the Guide:

1) Profiles of Popular Phishing Targets at Your Company


Get to know the users in your organization who are the most likely targets for spear phishing emails, and learn how to see them through the eyes of the criminals who want to reel them in. 

Sneak Peek: Why & How Phishers Target Salespeople

Salespeople are always chasing the next deal. To them, time is money, and they won’t think twice about taking risks and bending the rules if they believe it will help them move faster. They’re also prospect-pleasers, and their eagerness to oblige can make them prime phishing targets.

As more and more companies conduct business using digital signatures and online forms, salespeople can easily be convinced to visit an insecure site or download an infected file. By the nature of their jobs they are also incredibly easy to get hold of. Phishers can typically find their name, phone number, and email address readily available online, and they can be reasonably confident that any message they send a salesperson will, at the very least, be opened.

2) Steps You Can Take to Protect Users 

Users are only human. Mistakes will happen. They're going to get fooled. That doesn't mean that training is a waste of time (far from it), but it does mean you have to be prepared. Inside the guide you'll find suggestions for additional security measures you can take that will help prevent or limit the damage if and when your users get phished. 

Sneak Peek: How to Protect Salespeople

  • Talk with your purchasing department about how to transfer POs and invoices through methods other than email.
  • Some varieties of ransomware require macros to be enabled. Disable macros across your network to keep a salesperson from accidentally enabling them.
  • Remind salespeople to double-check any linked text they receive in an email. Hovering over the link will show them the URL. If it looks sketchy, they shouldn’t click.
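The hover check in the last tip (does the URL behind the link match what the text claims?) can also be run automatically over an email body before it reaches the user. The following is an added example, not code from the original post or the guide; it uses only the Python standard library and a constructed sample email, and flags two red flags: visible text that spells out one URL while the link points at a different host, and links whose target is a raw IPv4 address.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML email body (not from the original post).
SAMPLE_EMAIL_HTML = """<p>Your purchase order is ready for signature.</p>
<a href="https://accounts.example-signing.net/login">https://docs.example.com/po/4471</a>
<a href="https://docs.example.com/po/4471">View the PO</a>
<a href="http://203.0.113.10/invoice.exe">Download invoice</a>"""

# Visible link text that itself looks like a URL or bare domain, e.g. "www.example.com/x".
URL_LIKE = re.compile(r"(?:https?://|www\.)\S+|[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:/\S*)?", re.I)
IPV4_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url_text):
    """Hostname of a URL-like string; a bare domain gets a scheme so urlparse sees a netloc."""
    return urlparse(url_text if "://" in url_text else "https://" + url_text).hostname

def suspicious_links(html_body):
    """Return (href, visible text, reason) for each link that fails the hover check."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        href_host = host_of(href) or ""
        if URL_LIKE.fullmatch(text) and host_of(text) != href_host:
            findings.append((href, text, "visible URL names a different host than the link target"))
        elif IPV4_LITERAL.fullmatch(href_host):
            findings.append((href, text, "link target is a raw IP address"))
    return findings
```

Running `suspicious_links(SAMPLE_EMAIL_HTML)` flags the first and third links and passes the second, whose visible text is plain wording rather than a URL.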


3) Tips on How to Adapt Your Training So it Actually Sticks

If we really want security awareness training to be effective, we have to meet users halfway and try to make it as relevant as possible to their day-to-day jobs. In the guide you'll get advice on how to frame your security training differently based on your users' individual challenges and goals.  

Sneak Peek: How to Resonate with Salespeople

  • Remind salespeople about the downtime a phishing attack can cost them. If their computer or phone needs to be cleaned and restored, that’s potentially hours or even days of calls, demos, and closes they’re going to miss out on.
  • Salespeople are very concerned with how your company and its products are perceived. Remind them that if they do get compromised by a phishing attack it could severely damage your company’s reputation with prospective customers.
  • Habit is your best friend when it comes to training salespeople. Breaking down best practices into small, easy-to-follow instructions will help them be more security conscious.


4) Phishing Email Examples


In addition, we've included sample phishing emails that point out just what to look for in a phishing attack. 

You can share these emails with your users to help them become familiar with red flags to watch out for and what to do next. Get the sample phishing emails as part of the guide.


5) Additional Tools & Resources to Keep Your Company Safe

Training users to spot and respond to phishing emails is critical for any organization, but it's also important to keep in mind that training alone won't guarantee your company will be free from malware. 

Users need to be kept up to date about new threats, new employees need time to be brought up to speed, and some users will simply continue to be more susceptible to phishing attacks than others.

With that in mind, you'll also find a list of additional resources to leverage and steps you can take to make sure your organization has well-rounded coverage. 

A crucial part of that coverage is endpoint security, and we've designed Barkly to provide protection that automatically stops attacks in real-time, before they can do any damage. It even stops the types of attacks that get past antivirus. Think of it like a safety net, there to protect users even if they do click something they shouldn't. Find out how it works here.

Jonathan Crowe

Jonathan writes about cybersecurity from a practical point of view. He has a strict whitelisting policy for filtering out jargon and only sharing tips and tools that actually work.
