Posted on Monday, May 22, 2017 in Cybersecurity | Blog written by Rob Swenson
Every employee at SDN Communications receives a fake email from the IT department about once a month. Employees at the Sioux Falls-based company don’t know when the message will arrive or what it will say, and it will probably differ from the one a colleague receives.
The programmed emails are part of ongoing training designed to help SDN’s roughly 160 employees recognize and thwart phishing attacks.
Phishing emails appear to come from reputable sources but are deceitful attempts to obtain sensitive company information or unauthorized access to your network. Phishing is an online form of social engineering, or manipulation, used to acquire personal information. Attackers use these tactics through emails or phone calls (vishing).
Through its email training, SDN monitors how many employees get tricked into clicking on a suspicious link. The intent isn’t to shame employees who take the bait but rather to teach them to avoid cybersecurity risks.
After all, it’s important that a prominent, broadband technology company is vigilant in fighting cybercrime, and phishing is one of the most common weapons used by cyber criminals.
“Phishing is happening on a daily basis to numerous employees within our organization,” says Chad Pew, manager of IT at SDN.
Hundreds, possibly thousands of phishing emails get stopped in SDN’s spam filtering system every day, Pew says. However, employees must remain alert for other emails with tainted links that make it to their addresses.
Twice in the past year, SDN sent test emails to all its employees at the same time. But it’s better to check them randomly, Pew says. So, in recent months, SDN has been using a programming service from KnowBe4.com to test employees at different times individually.
“The results have actually been really good,” Pew says.
The first month’s test resulted in a failure rate of 3.7 percent. The rate dropped to less than 1 percent on the second test, indicating that just one employee fell for the trickery.
Other business organizations get attacked about as frequently as SDN, says Pew.
These cyber attacks on companies typically succeed when someone within an organization is enticed into opening an infected email, visiting a bad website or clicking on a contaminated link. Cybercriminals’ increasing use of ransomware and other forms of malware has made real, ongoing employee training a necessity.
KnowBe4 distributes a free e-book, titled “Cyberheist: The biggest financial threat facing American businesses since the meltdown of 2008.” It says the best way to avoid attacks is to know the “telltale signs of phishing.”
“The best ways to avoid falling prey to phishing attacks are to ignore spam and to steer clear of clicking links in Tweets, Facebook pages, suspicious blog posts, and the like,” according to “Cyberheist.” “If that’s too much to ask, be sure to look over messages, Tweets, and posts carefully…”
Combatting phishing attacks is largely a matter of common sense. Here are some tips to remember when using email to avoid getting hooked by phishing:
- Be cautious. View any email requests for personal or company information with suspicion.
- Look for errors in the message. Phishing emails often contain strange phrasing and poor grammar.
- Attacks often include threatening language and urgent calls for action.
- Hover over the link to see the actual URL to double-check its legitimacy.
- Look closely at the “from” line of the address. It might resemble a legitimate address but contain slightly different characters.
With a network of more than 30,000 miles of fiber, SDN is a regional leader in business connectivity and cyber security services. For more information about SDN, see www.sdncommunications.com.
Download SDN’s three cybersecurity posters, including one on phishing, to help raise cyber awareness at your business.