Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


Phishing scams: Use these free tools to help test your weakest security link

Post a Fraud Alert:

QUESTION: What can I do to test my employees to see how likely they are to fall for a phishing scam?

ANSWER: More than ever, businesses are a primary target of cybercriminals because they know that a business is more likely to pay more in a ransomware scam or wire fraud scam.

Not only is there more money to be made, they have a larger number of targets they can pursue to achieve their goals. All it takes is one user in the company to fall for a cleverly crafted email for the infiltration to begin.

The weakest security link

No matter how sophisticated your cybersecurity technology has been set up to prevent unauthorized access to your network, your employees are your last line of defense.

Your users are also the easiest way to gain access, so rather than trying to penetrate your technology fortress head on, thieves will simply use clever tricks on humans to bypass your security systems.

The methods used by cyberthieves continue to evolve, so continuous education and awareness of the threat is the only way to harden your employees.

Cybersecurity is never going to be a “fire and forget” process, so building a strategic plan for ongoing education is highly recommended.

It should be considered a compliance issue much like you approach accounting and HR issues and regulations.

Free test tools

Lots of companies have created tools and resources that will both test and educate your employees.

One of my long-time favorites is a company called KnowBe4 (https://knowbe4.com), which offers over a dozen free tools that any business can use to test their employees or check for breach exposures.

Another reason I like this company is because their “Chief Hacking Officer” is Kevin Mitnick, once known as the “World’s Most Wanted Hacker” in the mid-’90s and author of “The Art of Deception: Controlling the Human Element of Security.”

More newsletters

He’s since turned his talents from crime to consulting (http://bit.ly/2WnQybB) and helps companies understand how hackers think and act.

CLOSE

To prevent criminals from opening bank, utility and phone accounts in your name, you need more than a credit freeze. Here’s what to do.
USA TODAY

Phishing reply test

Of the 14 free tools offered by KnowBe4, one of the most helpful is the “Phishing Reply Test” (http://bit.ly/2DMFHkt) because it shows you who opened the suspicious message but more importantly, who fell for the trick and replied to the message.

You can choose from 3 different scenarios to send to your employees and spoof the sender’s name by using someone they would likely trust — just like real phishing scams often do — then compile the results for you within 24 hours. 

CEO fraud attack

Testing to see if your employees will fall for a spoofed internal email is always a good check, as a fake message from an important person in your organization is a common attack technique.

The “Domain Spoof Test” (http://bit.ly/2DNWxzc) will require that the person in charge of your email platform and security be involved, because it’s a little more involved than some of the other tests.

Each of their free test tools (http://bit.ly/2DNDZPB) can be requested by filling out the form associated with each tool, so it won’t take long for you to start assessing your employees so you’ll know what you need to teach them.

Ken Colburn is the founder and CEO of Data Doctors Computer Services, datadoctors.com. Ask any tech question at https://facebook.com/DataDoctors or on Twitter @TheDataDoc.

Article source: https://www.azcentral.com/story/money/business/tech/2019/05/08/phishing-scams-free-tools-help-test-your-weakest-security-link/1090399001/