Tips for Training Employees About Phishing

By: Absolute Team | 5/11/2011

Even the best-prepared organizations will find themselves victims of phishing attacks. Roger Johnson, head of the Vulnerability Assessment Team at Argonne National Laboratory, notes:

"Getting to 0% is very difficult, even with well educated and motivated employees."

It may even be impossible. Phishing attacks work because the social engineering attack vectors are constantly changing, becoming less obvious and more insidious. Here are some tips from Roger, along with Tyler Murphy from the Argonne National Lab, as shared on TechRepublic:

  • Training should be ongoing and mandatory, both initially and at set review periods
  • Briefs should be given on what suspicious emails could look like and what to do with them (newsletters are great)
  • Be suspicious of emails from unknown addresses, particularly if the message asks for credentials or contains a link
  • Randomly test employees with fake social-engineering attacks. Offer rewards.