Phish Testing your staff – CF Systems and KnowBe4
We live in an age where, both at work and at home, we are continually aware of threats to our cyber security. High-profile security breaches at the likes of the NHS, Equifax and Carphone Warehouse are widely publicised, and advertising and press activity from the major security vendors appears to be everywhere.
There is no doubt that an effective technology infrastructure is part of the defence against cyber crime, and the various manufacturers of firewall devices, antivirus software and the like are rarely shy of pointing out the benefits of using their products. However, here within our cyber security practice at CF Systems, we see one less-mentioned area of vulnerability in every business that generally presents far more cyber security risk than a company's technology. This area is staff – it's no exaggeration to say that, in our experience, the vast majority of malware, ransomware and other threats successfully introduced into businesses come as a result of lax behaviour by staff within that business. Whether it be clicking on phishing links in emails, using unsecured websites or responding to unknown users on social media, there are myriad opportunities for staff to inadvertently introduce threats into their business network.
The key to combatting the risk from staff behaviour is, of course, training. Here at CF Systems we've specialised in this for a while. One route that we take is customised training for client teams to help them understand the activities that carry the most risk and what to look out for. This helps modify user behaviour and, as a consequence, minimise risk to the business. The perfect adjunct to this is a follow-up program of phish testing – the sending of controlled fake "phishing" emails to your user base to gain an understanding of who responds (and therefore needs further training). In order to deliver this phish testing, CF Systems partner with KnowBe4, a specialist provider of phish testing software. KnowBe4 gives us the ability to run a huge variety of email-based phishing tests, track user responses and then take those users through the software's own integrated training resources to help them understand the risks and improve their behaviour. We believe KnowBe4 (suitable for any business with over 25 users) to be the market leader in its field and have deployed the software in retailers, financial services organisations and professional services businesses, amongst others.