How to guard against the rise of phishing in the Irish workplace
Phishing is a major concern for businesses of all sizes, not only because the volume of phishing emails is on the rise, but also because attack methods are becoming more sophisticated. To gain a better understanding of the prevalence and impact of phishing in Irish workplaces, Censuswide carried out a survey on behalf of Datapac and Sophos, which found that 14% of Irish office workers – up to 185,000 people – have fallen victim to a phishing scam.
To recap, phishing is a tactic used by cyber criminals that involves sending emails which appear to come from genuine sources and encourage users to reveal confidential information, such as banking details, which is then used fraudulently. Spear phishing is specifically targeted at individuals, usually senior employees, who are more likely to have access to highly valuable financial and organisational information.
Prevalence of phishing
The survey findings revealed many significant differences in phishing awareness among different age groups in the Irish workplace. Millennials (aged 23-41) are most confident in their ability to spot an email scam, with just 14% indicating they are not confident they could detect a fraudulent phishing email. This rises to 17% for generation X (aged 42-53) and to just over one-quarter (26%) for baby boomers (aged 54 and over).
However, despite millennials’ confidence, they were in fact found to have been victims of a phishing scam most often, with more than twice as many millennials (17%) falling for a scam compared to members of generation X (6%) and baby boomers (7%). This confidence may stem from complacency and emphasises the need for employers to provide cyber security training and ongoing refresher training to ensure all staff remain alert.
At the other end of the spectrum, senior employees were also shown to be a regular focus of hackers’ attention, with almost half (48%) of generation X and 36% of baby boomers revealing that they have been targeted by a phishing attack. This tallies with what we have seen at Datapac’s Network Operations Centre – a pronounced increase in instances of attempted spear phishing attacks, especially campaigns targeted specifically at C-Suite or senior level employees.
If hackers can gain access to a company’s funds through spear phishing, the financial loss could be disastrous, particularly for SMEs. It is therefore very worrying to see 44% of baby boomers admitting to clicking on a link or attachment in an email from a sender they didn’t recognise. This ill-advised practice places both individuals and organisations at a much greater risk of experiencing a data breach through phishing.
Combating phishing through cyber security awareness and training
While we have seen companies taking significant steps to guard against ransomware and other malware attacks, phishing is a harder threat to pin down as it is targeted at the end-user. The problem isn’t just one for the IT department to solve, but is an organisational issue requiring cross-department buy-in. For instance, operational and HR teams play a crucial role in creating a culture of awareness.
However, the key piece in an effective strategy against phishing is ongoing cyber security training for employees at every level. It is alarming that the survey found that 20% of Irish office workers have never received IT security and awareness training. Furthermore, training should be provided on a continued basis throughout a team member’s tenure, so it is equally worrying that an additional 20% received training either less than once a year or only once during their induction.
Cyber education delivered only at an induction level doesn’t accommodate long-standing and senior employees, who, as the survey shows, are in most need of security refresher courses. Instead, user awareness training should be provided on an ongoing basis in the same way as other vital employee training such as health & safety.
One reason employers may be reluctant to implement ongoing training is the cost and difficulty involved. Technology can play a key role in addressing these concerns by facilitating training in a cost-effective way. Solutions such as Sophos Phish Threat educate and test end-users through automated attack simulations, quality security awareness training, and actionable reporting metrics. Sophos Phish Threat is available from Datapac as an easy to administer solution for organisations to implement themselves, or as a fully managed service delivered by Datapac, taking administration and management out of an organisation’s hands and making user-training simple to deliver.
Phishing can have a major impact on the victim and their company, with hackers gaining a foothold into the corporate system. This can lead to a breach of customer data, the loss of confidential company information, and could leave organisations vulnerable to fines under GDPR. A chain is only as strong as its weakest link and, as attacks become more prevalent, businesses must make every effort to educate all employees on the very real threat of phishing. Given the risks, they can’t afford not to.