Phishing is devastating to your company. One successful phishing attack can lead to data loss and compromised networks and systems, and can put the continuity of your business in jeopardy. The risk of a successful attack is high, given the large number of targets (your employees) in a company. Gamification, phishing simulations and e-learning are well-known measures that companies take to increase employee awareness of phishing and mitigate the risk. Nevertheless, we see that employees lower their defences once they receive an offer that they cannot refuse, whether it comes from a demanding manager or in an e-mail that is just too good to be true.
Making your employees aware of the risk is just not enough to keep your company secure from phishing. Think about it differently and let employees adhere to just one simple rule: mind your own business. If they do, an e-mail with a link to a malicious website never stands a chance. This rule triggers employees to apply their security awareness lessons at the moment an e-mail comes in that is not directly related to your company’s business. For example, a phishing e-mail with an incorrectly spelled link has nothing to do with the daily activities of your business.
And yes, it is a different approach, and we hear you thinking that it is yet another rule to add to the long list of security awareness points. Fortunately, this approach makes it possible to automate the human defences and to leverage your company’s current awareness initiatives. Whitelist business-related websites automatically, make the whitelist employee-specific and then combine it with your company’s security awareness campaign. Who would imagine that minding your own business would be the strongest defence against the most successful attacks today?