Fight Phishing

Our anti-phishing e-learning module trains employees to recognize and ward off common attacks. Course contents include:

• How to detect phishing attempts
• How to safeguard against common phishing methods
• What to do if a phishing attempt has taken place

Data is a precious commodity in today’s world and whoever has access to information has potential power. With that in mind, it’s not surprising that organized criminals worldwide are increasingly on the prowl for access to data, and often using the services of professional hackers to get at it.

While technical systems can be increasingly easily secured, people remain a potential data security weak point in any organization. And hackers often use fraudulent methods to try and trick people into revealing important data or granting access to it – an approach knows as “phishing”.

A typical phishing approach is often via email – with this method, more than ten percent of all Internet users have been seen to click on unsafe links or open dangerous file attachment in emails.

The word “phishing” comes from the English word “fishing”. In this context, it means fishing for confidential data such as passwords or account information. This form of cyber-security attack is a popular one because of how simple it is to carry out at scale via email. And there are further analogies to be drawn with traditional fishing. An example here are so-called “Spear-Phishing” attacks where highly specific people or companies are targeted.

Companies, government authorities and organizations are a tempting target for phishing attacks due to the amount of sensitive customer data they typically process. Unlike with ransomware scenarios (where data is blocked by hackers and only released following payment), commercial phishing is based on the secret theft of personal data and its unauthorized use thereafter.

Sadly, in cases where phishing attacks are successful, the results is often significant financial loss and reputational damage. In many cases, breaches become public knowledge and attract considerable unwanted negative media coverage.

If a successful phishing attack has occurred despite the precautions you’ve taken, the first thing to do is to remain calm! Then immediately block all affected accounts and credit cards to prevent further damage.

You should also immediately update your antivirus suite and have your computer thoroughly checked by a security professional. All passwords and security questions should also be reviewed and renewed where appropriate.

Do we have to train our employees on data security and, if so, how often?

Training courses on IT or data and information security are recommended by trusted authorities such as the German Federal Office for Information Security (BSI) for good reason. Data breaches and cyber attacks are an unfortunately all too common occurrence in today’s world and companies should act accordingly.

Your customers have high expectations regarding the secure handling of their data. And only trained employees have the appropriate security awareness to recognize and ward off the most common types of attacks.

Our training courses create this awareness sustainably through through a mix of proven learning methodologies and relevant, practical examples and recommendations for action in everyday work. We recommend keeping your employees up to date by offering annual training on the most important types of attack.

Do we need training for every employee?

The short answer here is Yes. lawpilots also offers attractive volume discounts based on the number of employees to be trained. Contact us for a custom quote for your organization.

How are the employees tested?

Instead of simply struggling through a classic multiple-choice test, your employees complete several interactive dialog games during the training. Each of these games thoroughly test the knowledge learned by your employees in practical, real-world scenarios. Try our demo here to see an example of this testing process.

Do our employees receive a certificate for participation?

Yes, all participants receive a certificate upon completion of the training. As the client, you are also able to access our legally compliant admin area where you can see reporting suitable for supervisory authorities and data protection audits.

You’ll also be able to see full details of all employees who have participated in the training and see which training certificates have been issued. Try it out for yourself at https://demo.lawpilots.com/reporting by using the e-mail address demo@b3o7mk.myraidbox.de and the password demo.