Hartford company's shrewd cybersecurity service
Charles IT "phishes" its own clients to see just how much they'll fall for
March 15, 2018 - Middletown, CT - Have you ever wondered how much attention your employees pay to incoming emails? If you haven’t, then you probably should, especially given the data gathered by Charles IT’s monthly email phishing tests.
The tests are part of the Connecticut-based technology provider’s Security Awareness service, which has revealed that most office workers are either too busy -- or too unaware of the dangers -- to be completely trusted at the controls of their inbox.
Phishing is one of the primary methods used by hackers to get into those inboxes and at your company’s data, and it involves little more than tricking your employees into handing over sensitive information unwittingly.
“You’d be surprised by how many computer users in professional environments fall for phishing emails,” says Foster Charles, the firm’s founder and Chief Executive. “About 75% of businesses reported being victimized by phishing attacks last year.”
That doesn’t necessarily mean every one of those businesses had their bank accounts or their credit cards compromised, but many of them did. All it takes to open the door is for one unsuspecting employee to reveal a username and password, a tax ID number, or a debit card PIN.
Hackers use several different styles of phishing. These include “deceptive phishing,” which is the most common style and involves impersonating a name-brand company like Apple or Google; and “Business Email Compromise” (BEC), which targets companies known to send international wire transfers and involves impersonating the company’s own high-ranking officials.
Charles IT approaches these problems by posing as hackers themselves, creating a sort of controlled phishing environment to test their clients’ employees.
“We’ll work with clients’ IT admins or HR personnel and then proactively phish the employees,” says Charles. “It lets us see if they’ll click and open links they’re not supposed to, and tells us exactly which phishing styles they’re tricked by.”
The controlled phishing emails are sent to random employees on a regular basis, and are followed up by remediation training based on the results. But since phishing isn’t the only threat trying to get inside your company’s network, a lot more is covered by the Security Awareness program. The program includes annual training for DFARS, HIPAA, SOX, and PCI compliance along with annual security training.
The sheer volume and variety of “malware” aimed at business networks is remarkable, and much of it is delivered by the other harmful type of email, spam. According to research from statistics portal Statista, nearly 60% of all email messages worldwide are spam messages.
That’s why Charles and his team train clients to recognize ransomware attacks like 2017’s infamous WannaCry pandemic, plus all the current viruses, trojans, and worms that sometimes sneak past email systems’ spam protections.
But ensuring your company data remains safe shouldn’t rest entirely on your employees’ shoulders, so in addition to the program’s testing and training, there is a proactive component called the SDS (Security Delivery System).
According to Charles, “We do 24/7 monitoring of our clients’ servers and systems so we can identify suspicious changes and potential threats to the environment. Whenever something anomalous occurs, like an unfamiliar login attempt on an accounting or business owner’s computer, an email notifying the business owner or security officer is generated.”
The Security Awareness program is rich in features like SDS, yet flexible enough to allow business owners to select solutions that will apply to their specific cybersecurity situations.
For more information on controlled phishing tests, spam and malware training, compliance training for HIPAA, PCI, DFARS, or SOX -- or to sign up for their Weekly Security Awareness Tips & Trends emails -- contact Charles IT today.