How we communicated with our staff on how to reduce the risks from Cyber Phishing attacks

Just the other day an email was circulated to our staff to help us as a company reduce our risk from cyber phishing attacks. The key message is that everyone must understand that these threats are real and know how to protect themselves.

Phishing (pronounced “fishing”) is a kind of identity theft which is growing in popularity amongst hackers. By using fraudulent websites and false emails, perpetrators attempt to steal your personal data. On average, a phishing campaign of only 10 emails has a more than 90 per cent chance of getting a click.

Some examples of ‘phishing’ for us have been: during the recent problems with mailbox size, our chairman received an email from outside saying that his email account was over the limit. Someone received an email from indicating that there was an issue with their account.

As a policy, our corporate email provider BLOCKS ALL emails from known cyber threat sources and holds what could be considered ‘spam’ for manual review.

It is rumoured that the Caribbean is an easy target because of “weak employees” that have no Cyber Threat training and “poor infrastructure”. As such, we would like to share with you a few helpful tips on how you can protect yourselves and …. from these cyber activities.

* If you receive an email, NEVER click anything without first scanning it over to determine if it makes logical sense.

* Never use a link from an email to conduct any business transaction such as banking.

* If you need to enter any private and confidential information, always look at the address bar to ensure that you are on the site that you intend to be on.

* Never respond to emails that try to upset you into acting quickly by threatening you with frightening information.

* Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the account of the person you are emailing.

* NEVER share passwords with anyone. If a breach should occur you will be held responsible if it is traced to your login.

* Never register for anything using your company account unless you familiarise yourself with a website’s privacy policy. The majority of commercial websites have a privacy policy, which is usually accessible at the foot of the page.

Some Interesting Research Results

Every organization clicks. On average, users click one of every 25 malicious messages delivered. No organization observed was able to eliminate clicking on malicious links.

Middle management is a bigger target. Representing a marked change from 2013 when managers were less frequently targeted by malicious emails, in 2014 managers effectively doubled their click rates compared to the previous year. Additionally, managers and staff clicked on links in malicious messages two times more frequently than executives.

Sales, Finance and Procurement are the worst offenders. Sales, Finance and Procurement (Supply Chain) clicked on links in malicious messages 50-80 percent more frequently than the average departmental click rate.

Clicks happen fast. Organizations no longer have weeks or even days to find and stop malicious emails because attackers are luring two-out-of-three end users into clicking on the first day, and by the end of the first week, 96 percent of all clicks have occurred. In 2013, only 39 percent of emails were clicked in the first 24 hours; however, in 2014 that number increased to 66 percent.

Attacks are occurring mostly during business hours. The majority of malicious messages are delivered during business hours, peaking on Tuesday and Thursday mornings. Tuesday is the most active day for clicking, with 17 percent more clicks than the other weekdays.

If there is any additional information that you need, or if you have any unanswered questions, please let the IT department know so we may respond quickly.
Thank you and have a great day!
