This month we will look further into Security Awareness training. When creating a program or performing a refresh of the content, it’s important to cover the topics your organization will likely face.
Educating employees on phishing emails is possibly the most crucial part of the training to be conducted. There are many good providers of automated training, including industry- and role-specific content. The simulations should occur frequently and guide employees in how to identify phishing emails, as well as how to report suspicious emails safely (for example with a phishing button) to your Cyber Security team for investigation and remediation.
A recent article from Fortra found that:
- In H1 2023, the average brand was targeted by nearly 40 look-alike domains every month
- 77% of look-alike domains deemed malicious hosted phishing sites
- Cybercriminals are now paying to register look-alike domains after free registrations of top-level domains decreased by 80% in Q1 2023
- For the first time since reporting on domain data, Fortra has seen cybercriminals favoring Country-Code Top-Level Domains (ccTLDs) such as .UK or .CN
- More than 62% of spoofed email display names impersonated well-known brands, including Microsoft and Google
Industry-specific training should help employees spot the threats your organization is most likely to face. Role-specific training, such as for sales and marketing, would assist in researching prospects and competitors, identifying whether the links and sites used for research are legitimate, and spotting look-alike domains. Legal training could cover data privacy and social engineering, as well as breaches and reporting obligations. Continuous improvement should be the goal of your training program, raising your employees' ability to identify threats and protect the organization on the front line.
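As an added illustration (not from this post or the Fortra article), a small Python check that flags the two patterns the figures above describe on an inbound From header: a display name that borrows a brand, and a domain label that is within one edit of a brand after common homoglyph swaps (so a ccTLD copy of the brand name is flagged too). The brand list, legitimate domains and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed assumption: brands the organization deals with and their legitimate domains.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "google": {"google.com", "gmail.com"},
}

# Substitutions commonly used to build look-alike labels (digit and letter-pair swaps).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "3": "e", "5": "s"}


def normalize(label: str) -> str:
    """Undo common homoglyph tricks so 'micros0ft' and 'rnicrosoft' read as 'microsoft'."""
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_header: str) -> list:
    """Return a list of findings for one From header; empty means nothing suspicious."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            continue  # genuine sender domain for this brand, nothing to flag
        if brand in display.lower():
            findings.append(f"display name impersonates {brand}")
        for label in domain.split("."):
            # Distance 0 catches the brand name under a different TLD (e.g. a ccTLD copy).
            if levenshtein(normalize(label), brand) <= 1:
                findings.append(f"look-alike label '{label}' for {brand}")
                break
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    for hdr in ['"Microsoft Account Team" <security@micros0ft.co.uk>',
                '"Google Drive" <noreply@google.com>',
                '"Alice" <alice@rnicrosoft.com>']:
        print(hdr, "->", classify(hdr))
```

Internal mailers that mention a vendor product in the display name will also be flagged, so in practice the display-name rule needs an allowlist of your own sending domains.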