You open your inbox and nestled among the usual emails from vendors, clients, and employees is an email you weren't expecting.
It is from a friend you haven't heard from in a long time, and he is writing to ask a favor. Suspicious, right? But how do you know for sure it is a phishing attempt?
If you had a red phish in your email menu, you wouldn't have to wonder.
You would simply click the red phish and the email would soar away to Adept Solutions for review.
Statistics show the need for IT Security Awareness Training
The best part of the red phish is that it comes with IT Security Awareness Training for your team—which is a good thing in light of current cybersecurity statistics.
According to the 2020 Verizon Data Breach Investigation Report:
43% of online attacks are aimed at small businesses
30% of breaches are caused by phishing—this is the biggest threat for small organizations
27% of breaches are caused by stolen credentials
16% of breaches are caused by Password dumpers
"Hackers are getting smarter, attacks are occurring faster, and incidents are becoming more complex," says a CNBC report. "What’s more, given that digital threats tend to go an average of 101 days before being detected by business operators, the damage to an organization from such compromises can quickly add up."
Employees are your weakest link
Your staff, through carelessness or lack of knowledge, can put your business at risk.
A Shred-it survey revealed that one in three small business owners (31%) say human error or accidental loss by an employee/insider caused a breach. The study also showed a lack of training left employees unaware of IT security policies and best practices.
IT Security Training includes creating an AUP
An Acceptable Use Policy is essential to the success of your cybersecurity efforts. This policy outlines what is and what is not an acceptable use of your company's IT systems and data. Your AUP can protect your business from legal ramifications and should be reviewed by a lawyer.
As part of Adept's IT Security Training, we help you create a policy specific to your business. It will include General Use and Ownership guidelines, Security Guidelines for Proprietary Information, Unacceptable Use, and Enforcement.
We recommend that this policy be reviewed and signed by your employees each year. New employees should read and sign the AUP before beginning work.
Your IT security policy is the foundation of your cybersecurity program—but it, alone, is not enough to protect you from threats. The policy cannot cover every possible risk, and not every employee will follow it with precision.
That's why IT Security Awareness Training is important.
Why engage in IT Security Awareness Training?
"Training personnel ... is a logical answer to the problem of employee carelessness," says the Kaspersky Daily. "Training is essential in raising awareness among personnel and motivating them to pay attention to cyberthreats and countermeasures. It is only through educating staff about the importance of working safely, that businesses can help to mitigate the risk ... and safeguard what is most important to them—their data."
Adept Solutions firmly believes education is key to protecting businesses from cybercrime. After researching many security vendors, Adept recently partnered with Infosec IQ to offer IT Security Awareness Training to our partners.
What does the training include?
Adept Solutions/Infosec IQ training consists of:
Lessons include videos, posters, and infographics
All lessons are mapped to the National Institute of Standards and Technology (NIST) recommended cybersecurity topics.
Following each video, a 10 question quiz assesses what was learned.
Random, realistic phishing simulation emails help users learn how to avoid actual threats in their environment.
PhishNotify Button (the red phish!)
This button is added to the employee's email menu. If they receive an email they suspect is a phishing attempt, they click the button.
If it is a phishing simulation sent by Infosec, they receive a message saying: You have successfully detected an Infosec IQ phishing simulation email.
If it is not a simulation, the message will read: This email is not a simulated phishing email and may be malicious. It is being sent to the Adept Solutions Engineers for further analysis.
Employees are assigned grades based on phishing simulations identified, lessons completed, and assessments passed.
Managers receive weekly reports on learner's progress.
Each learner has their own portal that posts the company's Acceptable Use Policy, their phishing record, and lesson assignments.
Cost of the Training
IT Security Awareness Training is included in Managed Service Agreements. For partners who are not fully managed please contact your account manager for pricing.
We look forward to giving your team members their very own red phish and training that can safeguard your business and data. Contact us at 530-751-5100.