We currently live in a digital era where almost everything is done online, including business operations. While the internet has provided employees with all kinds of opportunities to stay connected, gain access to a wealth of information, and collaborate, this accessibility also means that they are putting their data at risk. Consequently, most organizations are now supplementing their conventional security awareness training with simulated phishing tests for their first line of defense — their employees. The purpose of these tests is to reveal the risks related to cybercrimes and improve staff awareness.

EC-Council's Aware provides phishing, SMiShing, and vishing simulations, all in a single revolutionary platform that is integrated with e-Learning and gamification modules on a learning management system (LMS) to help prepare your business against cyberattacks.

It comes as no surprise that the history of cybersecurity can be traced back to the appearance of the internet. Ever since the worldwide web began to percolate into mainstream society, cybercriminals have been coming up with innovative ways to take advantage of this.

One of the first incidents of hacking took place in the early 1980s when a group of computer hackers known as the 414s (named after their Milwaukee area code) was arrested for breaking into more than 60 computer networks. These include the Memorial Sloan-Kettering Cancer Center and the Los Alamos National Laboratory.

As hacking became increasingly challenging during this period, the Computer Fraud and Abuse Act was created to punish those who were caught victimizing computer systems. By the late 1980s, a unit called the Computer Emergency Response Team (CERT) was formed under the Defense Advanced Research Project Agency (DARPA) to investigate the growing volume of hacking on computer networks.

Towards the end of the 1980s, Robert Morris released the historic Internet worm, which caused 10% of the internet to shut down (at the time). It was also possibly the first denial-of-service (DOS) attack ever to appear on the Internet.

Though hacking from the 1980s was, for the most part, carried out by amateurs and hacking students, cybercrime took a more serious turn as the 1990s rolled by. By this time, cybercrime has not only increased in sophistication but notoriety. Hackers started to target government agencies and substantial corporate databases, such as Yahoo!, eBay, and Amazon.

From the late 1990s to the beginning of the millennium, viruses, such as the Melissa and ILOVEYOU, started making the headlines for infecting more than 10 million personal computers and causing the failure of email systems around the world. These threats inevitably led to the development of antivirus technology and the importance of security for computer users.

Now that we’ve established the elements of security awareness training, below are some of the major topics that should be included in your security awareness training modules.

This topic covers desktop hygiene and desk security practices. Employees should be trained on how to declutter their desks to prevent possible information leaks. Desktop hygiene would cover password security, why printouts should not be left on the printer, shutting down computers when they are not being used, and also not plugging unauthorized devices into company terminals. This would also enlighten employees on the potential dangers of doing any of these even for a few minutes.

The nature and extent of mobile device security policy can differ from one organization to the other. Considering that most organizations now allow employees to bring their own devices to work and use their personal gadgets for virtual offices or remote workstations, it is important that physical security awareness training is conducted for all users.

Employees should be acquainted with the importance of safe app installations, how to use passwords to control phone access, how to use public Wi-Fi safely, and how to report physical security risks. This can also cover the potential risks of connecting to unsafe wireless networks and unfamiliar ones.

Social media serves as a window to the world and virtually everyone has a social media account and uses other online platforms. While social media platforms help you to connect with people, they also open you to cyberattacks. Your security awareness tips should include safe practices for employees while accessing social media pages. This can be merged or slot in with the phishing and malware module since this is the recent channel for both.

Rob Kraus indicated that random security training within organizational environments leads to about a 10% to 15% decrease in the probability of an effective cyberattack. Similarly, being consistent with security awareness training can lessen cybercrimes and their impacts to about 40% to 50%.

Many employees are unaware of the critical risk factors associated with information security and privacy. Since security is everyone’s business, security awareness training helps to bring everyone within the organization to the same page, protects both human and physical resources, and lessens incidents and the risks associated with cyberattacks.

The efforts of your security awareness consultant will be ineffective if treated like a mere box that must be ticked, particularly if you fail to review your training modules constantly. Therefore, an effective cybersecurity awareness information plan, must be fun and not stringent, and it must be backed up by the executive and management board. It must be targeted at improving the behavior of all the users and it must be interactive in a way that it necessitates feedback from all users. It should also be diverse in such a way that it penetrates the totality of the corporations with security awareness training materials, including email tips, posters, newsletters, and other regularly distributed communication materials.

Other ways to improve your security awareness training include:

What Exactly Is Phishing?

Phishing describes a form of cyberattack that applies camouflaged emails, text, or voice as a weapon to trick the recipient into believing the information is something they need. This could include a call from a distant relation, a request from their banks, or even a link to an attachment. Phishing is the number one culprit for most data breaches that take place today.

As fraudsters continue to come up with innovative ways to trick end users into giving up their personal information, it is important for businesses to strengthen their first line of defense — their employees — to avoid falling prey to such attacks. This is the reason security awareness is so important. It only takes one user to click on a phishing email for a cybercriminal to breach your organization’s network and steal your data.

Aware provides phishing simulations that mimic real-life attack scenarios that teach your employees to spot phishing frauds and prevent the hefty cost of a data breach.

The following are important facts you should know about phishing:

Benefits of Using a Phishing Simulation for Spreading Awareness of Online Crimes

The eventual benefit of phishing simulation and computer-based training is that it prevents a data breach.

Aware combines simulated phishing attacks with set-and-go training modules, can help improve awareness, alter user behavior, and reduce the risk associated with social engineering attacks.

Phishing has been going on for many years now, yet many users continue to fall prey to tactics that bait victims into revealing their personal information. There is a reason why this type of cyber threat is so prevalent and dangerous: besides being relatively inexpensive, it is extremely easy to execute.

Identifying an email scam is not always a straightforward process. This is where Aware comes in. Our phishing simulations mimic real-life attack scenarios that teach your employees to spot phishing scams and avoid the hefty cost of a data breach.

As texting is one of the most common methods of communication for many users, this inevitability makes it an irresistible target for many cybercriminals. SMiShing has become one of the main tools in a scammer’s arsenal, partly because it is so easy to wield and requires little technical knowledge.

SMiShing typically follows the usual phishing route. Each text contains a link that directs the target to a website and asks them to fill in their details or prompts them to download malware onto their system. However, as opposed to a standard phishing attack, the success rates are higher with a SMiShing attack because users are not conditioned to receiving spam on their mobile phones.

Vishing often begins where phishing ends. For instance, you click on a link for an advertisement that relates to your interest. The link, which hides embedded malware, triggers a lock-up component that only a helpful “technical” person can help you with. So, you call the number you see and spend some money to remediate the problem. Little did you know, it was all just part of the scam, and the company that you just called was the culprit that created this problem in the first place.

Our phishing reporting tool, known as CheckAPhish, helps you gain visibility into your organization’s risk behavior and measure the overall risk levels across your user groups. You will also have different types of reports at your disposal.

CheckAPhish+ comes with innovative features and added advantages. CheckAPhish+ is an advanced version of CheckAPhish and is the latest addition by Aware! The software is specially designed for all corporate houses. CheckAPhish+ is the latest revolution that can conduct one-view scanning and deletion of suspicious emails. It is a must for corporates who are serious about phishing attacks and are fighting against cybercrime.

Check out some important information about CheckAPhish+ below:

CheckAPhish+ Signup and Setup

The CheckAPhish+ Signup can be with the same email or admin credentials of the client. (O365, GSuite or Exchange). After landing on the onboarding page of Aware Admin Console, the user with the required credentials should enter the respective authorized page. For easy CheckAPhish+ implementation, Google/Outlook plugins are available.

CheckAPhish+ One View Scanning

Bulk emails scanning is possible with this CheckAPhish+ feature. Automated email scanning is the USP of CheckAPhish+. It is an anti-phishing engine that allows scanning of emails in bulk to ensure that phishing emails in large numbers are in the mailbox. An admin can run a scan on multiple employees at a go, which can help employees to get rid of all phishing emails. It eventually sorts and segregates the mails for cleansing email accounts. The automation of reporting any suspicious email can also be done by using the CheckAPhish+ plugin.

Prompt Deletion of Phishing E-mails

After scanning and sorting the phishing emails, it is important to delete those as well! With CheckAPhish+, there is an option where all phishing emails can be deleted at one go. This is highly recommended.

To learn more about EC-Council’s Aware products and services, you can contact us, follow us on our social channels, and reach out to us at the address below.