That’s not just because ransomware attacks that utilize phishing are so widespread and costly. It’s also that managing this risk is especially difficult given that companies have such a large attack surface – virtually their entire workforce.
What is phishing, and how does it contribute to the threat of ransomware? Simply put, phishing is a social engineering tactic in which threat actors impersonate reputable companies or individuals in order to trick a victim into downloading malware or disclosing sensitive information. Ransomware hackers often use phishing to gain access to their targets, including through deceptive emails or other channels, such as social media. Because phishing can target any employee, staying safe demands a company-wide effort.
And how widespread is the problem of ransomware? Verizon’s 2020 Data Breach Investigations Report found that ransomware accounts for 24% of malware incidents. And in a recent study of more than 1,000 IT decision makers around the world conducted by Mimecast, 51% of respondents said their organizations had been affected by ransomware in the previous 12 months – while 58% said they had seen an increase in phishing attacks during that period.
Given the importance of detecting phishing emails, today’s cybersecurity teams aren’t just responsible for protecting employees and company assets. Their jobs also require them to educate their colleagues on how to protect themselves from these dangers.
How can cybersecurity professionals reach out to colleagues across departments and protect their companies from phishing and ransomware attacks? These nine tips can help drive a whole-company approach to phishing detection:
#1: Make sure your colleagues understand the risk
Chances are that your colleagues are very busy, and frequent emails likely take up a significant amount of their time. It’s important for them to take proper precautions with those emails, but that requires them to take time and attention away from their particular job responsibilities. For many employees – even hard-working, responsible, and diligent ones – that can be a hard sell.
So, before expecting them to follow any of the guidelines and best practices for detecting and staying safe from phishing emails, it’s a good idea to make sure they understand what phishing is, how it is used to facilitate ransomware attacks, and how high the stakes are. You’ll also want to make sure they understand that the threat is widespread and growing in companies around the world.
Remember: The goal here is to make sure employees see phishing detection not just as a problem for your IT or cybersecurity team members to worry about, but as a company-wide necessity, so that they will be motivated to step up and watch out for possible threats in their inboxes.
#2: Teach them classic telltale signs of phishing
To make sure your colleagues know how to detect a phishing attack, it’s important to teach them the key signs to watch out for in their inboxes. The red flags that they should watch out for when they open an email include:
General sloppiness, such as grammatical errors or even simple typos suggesting that the email was not written by a professional who specializes in written communication. These mistakes can also be an indication that a threat actor overseas is pretending to be a native English speaker.
Inconsistencies between the sender’s name and the domain from which the email was sent. For example, sometimes a phishing email will say it’s from a specific company, but the email address from which it was sent does not end with the company’s actual domain name. Employees should look especially carefully here, because the differences between the domains used for phishing and those of legitimate companies can be very subtle.
Urgent requests, such as instructions to take a specified action immediately in order to avert a minor (or major) catastrophe. This is a method that threat actors sometimes use to manipulate normally cautious employees into falling for a phishing attack before taking the time to carefully consider whether the email is legitimate. Employees should also keep in mind that these requests may appear to come from within the company, especially from management.
Suspicious instructions or alerts that appear to come from major companies or organizations, such as a message that a user must click a link and log into their account in order to maintain access to that account.
Links or attachments that the user has not requested, which could be used to install ransomware or other malware. Workers should also know that, if in doubt, they can hover over a link to see the URL it leads to.
#3: Make sure they know who to contact – and who not to
Detecting a phishing attack is just the first step for which you’ll want to train colleagues throughout your company. What do you want them to do if they suspect that an email they’ve received is part of a phishing attempt? Who should they contact? Just like cybersecurity teams should have procedures in place for handling potential threats, it’s important to make sure that your coworkers know how they should handle an email that they suspect is part of an attempted phishing attack.
Just as importantly, it’s important for your fellow employees to know what not to do and who not to contact if they detect a suspected phishing email. First and foremost, they should know not to reply to the email, click any links, or open any attachments.
Keep in mind that while some of these instructions may be obvious to the staff of a cybersecurity department and even to many coworkers company-wide, even one employee who doesn’t know the proper steps to take (or not to take) represents a real security vulnerability. So, if your company is like most, it’s worth your while to explain very clearly and simply both what to do and what not to do if an employee has suspicions regarding an email they’ve received.
#4: Make sure to get seen and heard
What’s the most effective way to teach your fellow employees which signs to watch out for in order to detect a phishing email?
First and foremost, it is important to conduct mandatory training sessions for all employees, whether remotely or in person. Not only does this give you a forum for teaching employees what they need to know about phishing and ransomware, but it also gives them a chance to meet you, so that they know where to turn if they have questions about possible phishing attempts or other cybersecurity concerns. Also, having interactive sessions gives you a chance to read your audience and make sure they’re getting the key takeaways that they should.
In addition, some companies have taken other steps to make sure employees know both why and how they should watch out for suspicious emails, such as putting up posters around the office. While every company is different, it is likely a good idea to teach best practices for detecting phishing emails in multiple ways in order to minimize the chances of an employee slipping through the cracks.
#5: Use visual examples to enhance phishing detection
Whichever media and tools you use to train your employees, it is important to provide them with examples in addition to guidelines. Not only can a concrete example give them a clearer sense of what kinds of emails should make them suspicious, but it can drive home the point that phishing and ransomware attacks present a real and widespread threat that demands their attention. Just as importantly, visual examples can help you keep your audience’s attention – whether during a training session, in an email, or on a poster.
When picking instances to highlight, aim for a variety of examples in order to illustrate both the telltale signs that employees should watch out for and the types of schemes that threat actors often use in phishing emails and on phishing websites.
If possible, it’s a good idea to show them real examples for which you can provide context. Who sent the email, and what was their goal? How did the recipient react, and how was the problem resolved? Was the phishing attempt successful? By providing details like these, you can also use the visual examples as a story reinforcing best practices for handling a suspicious email.
#6: Test your company’s preparedness
How well is your company prepared for the risk of an attack involving both phishing and ransomware? The most reliable way to find out is through testing. And, when it comes to a company-wide effort like phishing detection, testing also has the benefit of pushing employees across departments to take the threat of a possible cyberattack seriously.
How can you test your company’s preparedness? One simple but effective way to make sure your colleagues know how to detect a phishing email (and handle it properly) is to periodically send employees a harmless email designed to mimic a phishing attack. The important point here is to use this as a training opportunity, both for you and for your colleagues across departments. Any useful feedback you can give an employee about their handling of a mock-phishing email – positive or negative – gives them insights that can help them learn how to detect a phishing email in the future.
It’s also important to analyze the results of your tests throughout your company and adjust your training program accordingly. If you see that many employees are mishandling the test emails they receive, it’s likely a sign that your entire company (or a significant portion of it) would benefit from some additional training.
#7: Remind them, and remind them often
Just like you wouldn’t want your coworkers to put their guard down when it comes to phishing detection, it’s important not to put your guard down when it comes to training and preparing them. After all, today’s workers are often bombarded with information – especially via email – and even the most effective training initiatives risk getting forgotten if employees are not reminded.
How often do employees need to be retrained in order to remember how to detect a phishing attack? A recent study showed that the effectiveness of phishing training programs fades after just several months, making it important for companies to conduct training sessions every six months.
Testing your company’s preparedness also provides you with an opportunity to remind your coworkers of these important lessons in an interactive, engaging way. Of course, employees are likely to tune out information that seems obvious and redundant, so it’s important to frequently update the way you train them to protect both themselves and your company from phishing attempts. That brings us to another critical tip…
#8: Get them up to speed on the latest schemes, scams, and shenanigans
If you’re a cybersecurity professional, then you already know what a fast-moving field this is. Your coworkers in other departments might know this, too. But do they know how it changes? Do they know the latest trends and incidents, and do they know what key lessons they can take away from these developments?
Most likely, you have far more expertise than most of those coworkers regarding the latest developments in the realm of phishing, ransomware, malware, and other kinds of cyberthreats. While much of that information is beyond the scope that they really need to know, the latest cybersecurity news may give you insights that are worth sharing with them.
Have phishing attempts been more or less common recently? Have other companies in your field fallen victim to them? Has your company successfully detected attempted phishing and ransomware attacks and mitigated the risk they pose? Do you have good reason to suspect that your company could be targeted by phishing and ransomware in the near future? Not only can this kind of information help your coworkers know what specific signs they should watch out for in their inboxes, but it can keep your training engaging so that your colleagues will treat it with the attention cyberthreats demand.
#9: Use proactive threat intelligence
Finally, in order to keep your entire company up to speed with the information needed to detect phishing emails and handle them properly, it’s important to have the latest insights on the cyberthreat landscape you face.
Have there been recent attempts to steal information from your company and sell it online? Have threat actors recently attempted to attack you through phishing, ransomware, and/or other malware? Have your competitors or partners been targeted in a way that makes you suspect you could be next? By helping companies answer questions like these, robust threat intelligence serves as one of today’s most effective tools for detecting phishing risks before they materialize.
In many cases, the first signs that a cyberattack could be around the corner can be found on the dark web, where many threat actors communicate in order to stay anonymous. Because many cyberattacks involve multiple threat actors working together for profit, it is common to find evidence that hackers and other cybercriminals are looking to buy and sell stolen information via underground forums. By monitoring the dark web as part of your cyberthreat intel program, you can seek out likely phishing risks (as well as other types of threats) before they materialize and put your company at risk.
Not only can this approach to cyberthreat intelligence help you mitigate any threats you discover, but it can provide you with insights and examples you can use to train your team members on how to stay safe from phishing and ransomware.
How does monitoring the dark web help you protect your company or organization from phishing, ransomware, and other cyberthreats? To see how Cybersixgill's dark web-focused approach to threat intelligence gives you advance warning of dangers you could face, request a demo of our solutions.