Security researcher recommends anti-phishing training for all staff

According to Matt Ryan of the Florida-based company, whilst IT hardware and software options are incredibly useful tools to safeguard your systems from intrusion, all the investment in the world could fail if one user on the network clicks a link and effectively invites a threat onto the network.

And this, he observes, is where user education can succeed.

In his security blog – backed up with a useful YouTube video – Ryan said that, unless your staff is made up of security experts, the chances are high that staff (not hardware or software) may pose the biggest threat to your network.

“Simply put, a lack of knowledge on the part of you and your staff can have a devastating result on the security of your network. Modern hackers and malicious intruders are quickly adapting to software and hardware blocks, and they are constantly seeking new methods for finding a back door into your network”, he said.

“Phishing scams have grown where traditional intrusion attacks are fading away. This is due in great part to how easy it is to manipulate people into revealing private personal and corporate information using a few simple tricks”, he added.

Mann goes on to make the interesting observation that simply using suspect URL lists – and blocking them on the company network – may well be a lost cause, as new malicious sites now crop up every minute, and the vast networks these professional criminal organisations have at their disposal can push out the latest scam in an instant.

Your staff, he explained, may not be aware of how to identify a URL before they click on it, or even that they have a need to. They trust – in many cases blindly – what they receive from their friends and family, and it only takes a single malicious link to take down even the most advanced network, he said.

Mann argues that educating your staff and teaching them how to identify, avoid, and report malicious links being sent to and from your network can save your company a lot of money.

“Even your more experienced IT staff may not be privy to the latest forms of phishing scams currently making their way across the web”, he said.

After mentioning his firm's internet security awareness training services, Mann goes on to say that security training tackles the phishing problem at its root and the result, he claimed, is a significantly safer network, which could mean the difference between sensitive data remaining secure, and being distributed freely across the web to the highest bidder.

“Cyberheists are quickly overtaking more traditional major crime operations due in part to their relative simplicity and the widespread vulnerability poised by a vastly undereducated majority of users”, he said.

“Taking the extra steps to educate your staff can be the difference between your company earning a reputation of trust, and being added to the list of security risks consumers are advised to avoid doing business with”, he added.

What’s Hot on Infosecurity Magazine?