
The Necessity Of Cybersecurity Training In The Modern Business World

Cybersecurity Training is an essential part of an effective cybersecurity defence. Are your staff members supporting your cybersecurity? Or putting it at risk?

 

Did you know that more than 90% of cybersecurity incidents can be traced back to human error?

 

The fact is that what you (and your staff) don’t know could hurt you. If your staff isn’t up to date on the latest cybercrime scams, then they’re putting your data and reputation at risk, simple as that.


The best cybersecurity technology and practices in the world can be undone by one staff member who doesn’t understand how to use them, or how to protect the data they work with. These types of staff members make ideal targets for phishing scams. 


What Is Phishing?


Phishing is a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers. 


Phishing attacks are mass emails that request confidential information or credentials under false pretences, link to malicious websites or include malware as an attachment.


Lately, phishing attacks have become more targeted, because cybercriminals can access more than 15 billion stolen account credentials circulating on the dark web, including personal information, stolen usernames and passwords.


With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information. 


Why Is Phishing Dangerous?


First of all, it’s prevalent. At the start of this year, Google had registered 2,145,013 phishing sites, a drastic increase from 1,690,000 the year before. 


Furthermore, the average phishing attack costs businesses $1.6 million. The problem with the rising tide of cybercrime incidents is that you get desensitised to the whole thing.


Lastly, the fact is that businesses aren't learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years, and by 47% in the first quarter of 2021 alone. 


How To Identify A Phishing Email


Share these key tips with your employees to ensure they know how to spot a phishing attempt:


  1. Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big-name company – but talk is cheap. It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are close, but not 100% correct. If it seems fishy, it probably is.

  2. Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.

  3. Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.

  4. Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as "Valued Customer" — this allows them to use the same email for multiple targets in a mass attack.

  5. Urgent and Threatening: If the subject line makes it sound like an emergency — "Your account has been suspended", or "You're being hacked" — that's another red flag. It's in the scammer's interest to make you panic and move quickly, which might lead to you overlooking other indicators that it's a phishing email.

  6. Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it's only more proof that the email is likely part of a phishing attempt.
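
Tips 1, 2, 4 and 5 above can also be checked mechanically, for example when triaging messages that staff report. The following Python is an added example, not CyberUnlocked's tooling; the trusted-domain list, the 0.85 similarity threshold, the keyword patterns and the single-part HTML sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"mybank.example"}  # assumption: domains you really deal with
URGENT = re.compile(r"suspended|being hacked", re.I)  # tip 5 phrases
GENERIC = re.compile(r"valued customer", re.I)         # tip 4 phrase
HOST = re.compile(r"(?:https?://)?(?:www\.)?([\w-]+(?:\.[\w-]+)+)")

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def lookalike(domain):  # tip 1: close to a trusted domain, not identical
    return domain not in TRUSTED and any(  # 0.85 is an assumed threshold
        SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED)

def indicators(raw):
    msg = message_from_string(raw)
    body, parser = msg.get_payload(), Links()
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    flags = ["lookalike sender domain"] if lookalike(sender) else []
    parser.feed(body)
    for href, text in parser.links:  # tip 2: shown host vs real target
        shown = HOST.match(text.strip().lower())
        real = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        if shown and shown.group(1) != real:
            flags.append("link shows %s, goes to %s" % (shown.group(1), real))
    flags += ["generic salutation"] if GENERIC.search(body) else []
    flags += ["urgent subject"] if URGENT.search(msg["Subject"] or "") else []
    return flags

SAMPLE = ("From: MyBank <alerts@mybannk.example>\n"  # constructed message
          "Subject: Your account has been suspended\n"
          "Content-Type: text/html\n\n<p>Dear Valued Customer,</p>"
          '<a href="http://pay.other.example/">www.mybank.example/login</a>')
print(indicators(SAMPLE))
```

A message that raises several flags at once deserves a closer look; a clean result does not prove the message is safe, since spelling, context and attachments are not examined here.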


What’s The #1 Way To Protect Against Phishing?


Cybersecurity Training is by far the most effective way to defend your organisation from phishing. This method recognises how important the user is in your cybersecurity efforts.


A comprehensive cybersecurity training curriculum will train users to ask important questions about each and every email they receive:


  • Do I know the sender of this email?
  • Does it make sense that it was sent to me?
  • Can I verify that the attached link or PDF is safe?
  • Does the email threaten to close my accounts or cancel my cards if I don't provide information?
  • Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  • Does anything seem "off" about this email, its contents or sender? 



The right training services will offer exercises, interactive programs, and even simulated phishing attacks to test your staff on a number of key areas:

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use business technology without exposing data and other assets to external threats by accident.
  • How to respond when you suspect that an attack is occurring or has occurred.

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don't, and therefore present a serious threat to your security. 


Why Is Cybersecurity Awareness Training So Important?


User awareness is a fundamental part of effective cybersecurity. It can protect your organisation from a range of threats. 


The fact is that a majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn't enough.

Much of cybersecurity is dependent on the user, and as such it's vital that you properly educate your employees and volunteers in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner.


CyberUnlocked Will Train Your Staff To Protect Your Business


Our employee security training services offer a range of critical features and components, all of which help to make your staff more aware of the threats they face at work every day:


  • Baseline: We provide baseline simulated phishing attacks to determine the starting point of your organisation and provide a training plan.

  • Train Your Users: Succinct, easily consumed courses increase employee attentiveness and the overall effectiveness of cybersecurity education programs. The majority of our current training courses take 10 minutes or less to complete and all involve the employee by being informative and interactive.

  • Phish Your Users: We offer realistic phishing simulations that let you test and measure real-world employee cyber-awareness and training effectiveness. Results allow us to customise further campaigns to employees as needed.
  • See the Results: Activity reports can be shared with management to measure progress, risk score and ROI. Training reports show user progress, so accountability and value are always clear.


Phishing and credential theft are the number one tactics used in breaches, with user error being more common than malware as the causal factor. With our training, you can significantly reduce the odds of employees taking the bait.

We Will Train Your Team To Be Cybersecurity Experts


The good news is that you don’t have to handle cybersecurity training for your team by yourself — CyberUnlocked is here to help. With our expert assistance, your staff will contribute to your cybersecurity, not compromise it. 
