If you need more evidence that you need to do something about email phishing and social engineering – here it is…

McAfee Fake Antivirus Phishing Campaign is Back! – SANS Internet Storm Center

…and…

New zero-day vulnerability in Windows being exploited

Phishing emails in the wild – how can this infect you?

The story of a phishing email

I have written a lot lately about phishing campaigns, all of which have an element of social engineering – a message that in some way will exploit your trust to get you to click on a link or open a malware-infected attachment.

Important – Attached is a final demand for taxes 2021/2022

Important – Your Microsoft 365 account is about to close

You have won the lottery!

Some are easy to spot, others are not.

A simple step for any organisation is to have a cyber security awareness campaign running to keep all your people informed about and vigilant for the types of attacks that they could see in their email or text messages.

At Smart Thinking we deliver our awareness training in a variety of ways:

Interactive webinars to many – ideal for small companies, but you may not be able to ask sensitive questions because others will be there – but I always take private questions after the meeting. These sessions are not recorded.

Interactive webinars to one company – your own private session. Customised for your own situation. Ask what you want. These sessions are recorded, so you can use them with new starts or people who could not make the live session.

Online training – suitable for large and small organisations. Everyone works at their own pace, with multiple short video sessions (5-10 minutes), online tests and assessments and even certificates. Management reports are available so you can see who has completed the courses. Have a look at CyberAwake for the details.

Bespoke – of course. Call me and we can discuss the awareness campaign that will cover all your special requirements. (Do you have French or German speaking members of staff?)

But remember…

This awareness campaign is only one element of the well-rounded, organisation-appropriate cyber security plan you need, which should include at least:

  • A comprehensive back-up
  • Your information controlled using the “principle of least privilege”
  • A game plan for incidents
  • A “what is normal” document
  • Team training

Clive Catton MSc (Cyber Security) – by-line and other articles
