A new bill recently passed in South Carolina increasing the penalty for bothering alligators. Read that again if you need to. It was prompted after an incident where people were riding one on a mini-golf course; apparently, there is a video.
Why were penalties increased? Don’t people know it’s a bad idea to mess with gators?
What we logically know and what we actually do can often be at odds. We know that clicking on links within emails we’re unsure about isn’t a good idea, but so many of us still do it. The bad guys sending them know how to push our emotional buttons and make things look legit.
We quickly rationalize our decision to click. In the workplace, employees can actually rationalize the clicking more easily because many believe that antivirus software, firewalls, and other security measures will protect them.
This is how businesses land in hot water and expose their sensitive data and their clients’ data. But firing everyone isn’t an option, and neither is locking everything down so tightly that no one can do anything efficiently. And it’s illegal to feed people to alligators.
So what’s the solution?
It’s not about scaring employees as much as it is about educating them and having some practice drills. Practice makes progress, after all.
Teach Employees to Pause
Being efficient means moving at a quick pace while maintaining accuracy. But in this world, speed is emphasized more. It’s important to teach employees that fake emails will come from seemingly familiar sources, so they need to pause before mindlessly assuming the messages are legit.
Once they pause, show them how to proceed with caution and be on the lookout for weird grammar, misspellings, and the like. Encourage them to be safe rather than sorry and call the sender to see if the email is legitimate.
Encourage Conversation About Oddities
Many breaches are made worse when several employees fall for the same scam. Hackers can take over networks a lot faster if several workstations are infected. But people hate being wrong and don’t want to broadcast their uncertainty about an email.
Reward employees for sharing concerns regarding possible cybersecurity issues. Get people talking and asking one another; two heads are usually better than one in these situations. Plus, people simply want confirmation.
Conduct Practice Drills
The only way to get better at recognizing phishing emails is to encounter more of them. Work with your IT support to set up drills, and then have conversations about why people did or did not open the emails or click the links.
These conversations are opportunities for further education and to narrow down what is causing the most problems. Do these throughout the year so everyone’s skills stay sharp.
Do these suggestions feel daunting?
BestMacs can help! We are happy to partner with you on training and education for your employees because we believe they can absolutely be your best first line of defense. When you combine education with solid monitoring and defense systems, your company and its data will be well protected from phishing scams and better able to handle any that make it through.
We want you to feel safe so you can do your best work. We want your employees to feel confident they’ll be able to recognize oddities and know the best steps to avoid a breach.
People may need harsher penalties to stay away from alligators, but we find education and preparation are better cybersecurity solutions.
Questions? Shoot an email to firstname.lastname@example.org and we’ll be happy to answer!