Owing to the surge of staff-related security incidents caused by phishing emails, many companies are undertaking cyber security exercises to test how susceptible their staff are to phishing and spear-phishing attacks. One of the biggest NHS trusts, the Leeds Teaching Hospitals NHS Trust, sent out a fake phishing email to see whether any of its 17,000 members of staff would be tricked into disclosing confidential information.
The result? As reported to the trust’s audit committee, 400 employees (around 2.3% of all staff) responded to the phishing email and revealed confidential information like passwords or network credentials.
It only takes one ill-judged response to a phishing email to generate a data breach. Healthcare organisations in particular are valuable targets because of the highly confidential data they store – personal data that can be used to commit tax fraud or identity fraud.
Technology is not always enough
Although technology like firewalls and anti-spam software can protect your company, there is no guarantee that it will stop 100% of phishing emails from reaching your staff. At that point, your company’s security is in the hands of your staff.
Test your staff’s vulnerability to phishing attacks
A cohesive approach of testing and training can help you minimise the risk of phishing attacks. First, you should test your staff’s vulnerability to such attacks with a phishing simulation (find out about our Simulated Phishing Attack service).
Second, staff awareness education through e-learning courses is the best way to educate and keep your whole staff on top of existing phishing threats and to improve their ability to detect scams (find out about our Phishing Staff Awareness e-learning course).
Last, you can re-run the simulation exercise to measure the improvement. By regularly testing and educating your employees, you will minimise the risk of a data breach or of malware and ransomware infections.