We’ve talked a lot about ransomware attacks as they continue to make their way through the healthcare industry. One way an attacker can gain access to your environment is through a phishing email. When you work in the security industry, there can be an assumption that users know what phishing looks like and what to avoid. Phishing awareness is probably covered in new hire orientation or in an annual training but that does not create active awareness among your organization. Having in-depth security awareness training once a year is very important but the key to avoiding things like phishing is keeping it at the forefront of everyone’s mind. Here are a few things you can do to keep organization thinking about phishing:
- Post fliers
- Posting fliers around workstations that warn users what a phishing email might look like will remind them to think twice before clicking on a link or downloading an attachment
- It’s important to include how to report a phishing attempt and what to do if the user thinks they may have fallen victim to one
- Change out the fliers every so often with the newest phishing trends
- Send reminders/alerts
- Email users when someone recieves a phishing email so people will be on the lookout for something similar in their inbox
- If there is an industry trend, send reminders to users to keep on the look out
- Add a header to emails that are coming from outside the organization
- Adding something like “EXTERNAL Sender… Stop. Think. Before you Click.” Could be the thing that causes someone to think twice
- Perform a phishing test
- Testing your users to see who responds to a phishing email gives an opportunity to provide needed education and awareness
Feel free to come up with creative ways to keep awareness up with your users! A slogan or funny graphic might help users remember the importance of caution when it comes to suspicious emails.
