Legitimate companies today often incorporate personalization into emails. Hackers, on the other hand, send generic emails to thousands (or millions) of different people. A lack of personalization in the To line is a big warning sign: watch for generic greetings like “Dear valued customer” where a legitimate sender would write “Dear Susan”.
- Links: Embedded links are a common source of network infections, and employees should be very suspicious of them. Mouse over (don’t click) the link: if the URL that appears when you hover differs from the one shown in the email, you know it’s a threat.
- Email arrival time: The time an email came in could be another warning sign. If the email arrived in the middle of the night, this warrants a second look.
- Time-sensitive subject lines: Hackers like to use scare tactics to fool employees and get them to take action quickly without thinking. These time-sensitive subject lines are commonplace in spoof emails, but far less common in legitimate communication. An example might be “Your Office 365 account is about to be deleted”.
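The four warning signs above (generic greeting, mismatched link, night-time arrival, time-sensitive subject) written as automated checks over a raw message. This is an added example, not part of the original article; the phrase lists, the night window and the sample message are constructed assumptions, and it expects a single-part HTML message with a Date header.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC = ("dear valued customer", "dear customer", "dear user")  # assumed list
URGENT = ("about to be deleted", "urgent", "immediately", "suspended")  # assumed
NIGHT_HOURS = range(0, 5)  # assumed window; hour read from the Date header
URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}", re.I)  # text that is a URL

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def warning_signs(raw):  # raw: message headers and HTML body as one string
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    if any(g in body.lower() for g in GENERIC):
        signs.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if URLISH.match(text) and host(text) != host(href):
            signs.append(f"link shows {host(text)} but goes to {host(href)}")
    if parsedate_to_datetime(msg["Date"]).hour in NIGHT_HOURS:
        signs.append("arrived at night")
    if any(w in (msg["Subject"] or "").lower() for w in URGENT):
        signs.append("time-sensitive subject")
    return signs

SAMPLE = ("Subject: Your Office 365 account is about to be deleted\n"  # constructed
          "Date: Tue, 05 Mar 2024 03:12:00 +0000\n\n<p>Dear valued customer,</p>"
          '<p><a href="http://login.unrelated.example/o365">'
          "https://www.office.example/login</a></p>")
```

Calling `warning_signs(SAMPLE)` reports all four signs. Links whose visible text is not itself a URL (for example “help page”) are skipped by the mismatch check, since there is no displayed address to compare against.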
Educating employees about these warning signs makes them your first line of defense in network security. Security awareness training addresses these topics (and many more) to give your staff the confidence they need to avoid a potential threat.
Getting Started with Security Awareness Training
Now that you recognize the goal of security awareness training, it’s time to get started. This vital type of training should be an essential part of the employee onboarding process and an integral part of your operations.
As with any other type of training, what you put into your security awareness training will have a direct impact on how much you get out of it. Careful preparation is key, as is developing a training curriculum that works for your business. No two companies are alike, and every business will have a unique approach.
For example, you may want to begin your training with a simulated attack. Sending out a realistic, but harmless, phishing email is a good way to gauge the current effectiveness of your cyber defenses while presenting a cautionary tale for your staff.
This simple exercise will allow you to identify the weak links in the organization, so you can target the training accordingly.