Your employee receives an email from Amazon or UPS. They click on the embedded link, thinking they’re following it to track a package. When it won’t open, they shrug off the oddity and delete it.
Sometimes it’s not an email. Instead, it’s a banner ad telling your employee that they have a virus and need antivirus software. When your employee clicks, nothing happens once again, and they think little of it.
A sinister piece of malware is now methodically infecting your company’s systems. In the best of cases, it just sits on the initial computer and slows down employee activity. Maybe it uses computer resources to mine Bitcoin or keeps an employee from opening Google Chrome. But what if it spreads, and your whole network slows to a snail’s pace? Now, your operations have crawled to a halt and you’re losing precious revenue by the second.
In other cases, the oblivious employee has loaded a piece of spyware onto your company server. It silently collects sensitive company data, piece by piece: bank statements, bank account and routing numbers, passwords, social security numbers, home addresses. Your employees have their identities stolen, bank accounts drained, and loans taken out in their names. Furthermore, since you, the business owner, didn’t do anything to prevent this, you could be held liable for damages.
Your employee has fallen victim to a highly perilous phishing attack, a form of social engineering where a hacker tricks a human victim into yielding access to sensitive information or letting the hacker infiltrate the victim’s system.
This is to say nothing of the threat of ransomware, something we address in a recent blog.
There, we mention data hijackings at companies like Colonial Pipeline and JBS. The Washington Post also recently published an article detailing retaliatory lawsuits by consumers and workers against companies whose lax cybersecurity hurt them.
Gray Leaf knows that the common denominator in all these events is the employee. In the chain of security, humans are the weakest link and therefore always the target of phishing efforts. In response to this danger, we’ve developed our Advanced Security Awareness Program (ASAP) to build employees’ awareness and their ability to protect themselves and your business.
ASAP involves three major services: monthly trainings, simulated phishing attacks, and phishing reporting mechanisms in the customer’s email client.
Now, when we say trainings, we mean purposely short sessions that won’t encumber your day-to-day operations. Traditional trainings are tedious, easily forgotten, and lack reliable feedback mechanisms. ASAP trainings are, in some cases, as short as 10-15 minutes. They are entertaining yet informative and yield measurable, actionable results.
Our simulated phishing initiative involves sending fake, entirely harmless emails designed to mimic phishing attacks. These simulated attacks range in difficulty from the easily identifiable to the indistinguishable. If an employee clicks on one of these phishing links, that click is logged for you to review and the clicker is redirected to a help page that shows what they should have looked for. The goal is not for this to be a game of “Gotcha!” Rather, it is an opportunity for all involved to learn how to keep company and personal data safe.
Finally, we supply a reporting mechanism that integrates with your company email client. If an employee suspects an email of being a phishing attempt, they can submit that message for inspection and subsequent blacklisting from company servers if necessary. Not only does this protect the individual, but it also protects the rest of your company.
As part of our program, one of our project managers will schedule monthly check-ins with you to review simulated phishing statistics and employee feedback on trainings, and to decide on initiatives for the next month. While the initial kick-off call can last 30-60 minutes, monthly follow-ups typically last only 15-20. Our priority is to provide you with an effective employee training method that doesn’t bog down your day-to-day activity.
With cybersecurity becoming more and more important for a 21st-century company, Gray Leaf wants to make it easy for you. We leverage decades of experience in IT, cybersecurity, and disaster management from developers who have worked for such entities as the United States Coast Guard, Cigna, and the Federal Emergency Management Agency (FEMA), as well as countless small and medium-sized businesses and non-profits. As such, there is no one more prepared to work with you in keeping your company assets safe.