You don’t need any technical knowledge to send an email. As humans we are easy to trick when we are just faced with skilled manipulators and in today’s hectic workplace, many of us work through our emails as quickly as possible without considering the overall picture.
When an average of 90.25% of institutions have detected a phishing attack, institutions need to make sure they are doing all they can to prevent this constant barrage of attacks from causing significant damage.
As one of the respondents said
“The biggest challenge is getting people to understand the 'even with multi-layered defences... a single person can still bring down the whole system” Higher education institution
And it’s not just emails that phishing attacks can come through, it can be any form of communication including texts (smishing), voice (vishing) or now even QR codes (quishing).
But despite phishing being acknowledged as the biggest attack vector, not enough schools are training their staff to be aware of the risk and how to deal with it.
The National Cyber Security Centre suggests these four layers to defend against attacks:
1. Make it difficult for attackers to reach your users
2. Help users identify and report suspected phishing emails
3. Protect your organisation from the effects of undetected phishing emails
4. Respond quickly to incidents
You want your staff to report a phishing attack as soon as they realise they have fallen victim, rather than waiting until a forensic investigation identifies it.
The National Cyber Security Centre (NCSC) have created an enterprise Outlook add-in for staff to be able to report email phishing directly from their email box. The NCSC will the actively seek to disrupt the criminals sending these messages, protecting you from them as well as the wider community.
And you can report more than emails.
The Eastern Cyber Resilience Centre provides both individual and corporate internet discovery so you can see what information could be used to craft that phishing attack. We also provide Staff Awareness Training, but did you know your local police protect officer might be able to do this too? We train and mentor local university students, so when we say affordable, it really is. Find out more here.
The Eastern Cyber Resilience Centre is a not-for-profit membership organisation, run by policing, with the intention of increasing cyber resilience of SMEs within the East of England.
You can contact the Cyber Resilience Centre for guidance and support through our e-mail enquiries@ecrcentre.co.uk or use our online booking system to make an appointment with one of our team.
We also provide free guidance on our website and we would always encourage you to sign up for our free core membership. Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
Policing led – business focussed.
Click to Open Code Editor