Last month we focused on the developments in phishing scams as the topic of our blog. Based on the high volume of interest in the topic, we are going to continue the conversation this month. Just to summarize a few of the key points from last month’s blog posting:
• 91% of data breaches come from phishing attacks
• Phishing attacks are becoming more sophisticated
• Phishing attacks are becoming more numerous
• Phishing attacks are becoming more dangerous
Another trend we did not discuss last month is the increase in regulation and compliance surrounding the security of data, particularly personally identifiable information (“PII”). The federal government has been discussing a bill that would impose a uniform set of standards around data collection and responsibilities, much like the European Union did with GDPR (General Data Protection Regulation). For now, most states have a statute on file for businesses to follow, many of which are vague at best. We expect to see a strengthening of these regulations at the state level (many states have already committed to this) and more uniformity. If the federal government passes a statute, we will have uniformity nationwide.
It is also worth mentioning that according to RapidFire Tools, 2017 was a record year for fines for businesses that failed to meet their data security responsibilities. These fines are being levied by state Attorneys General offices in many cases. We expect this trend to continue as well. This means businesses have increased liability surrounding data security.
Let’s bring the conversation back to phishing scams. The increase in risk and liability surrounding data breaches indicates that businesses should do more to combat the threats to their business. Phishing scams, as mentioned above, account for a high percentage of data breaches, so this is a logical place to put resources. Colden Company offers phishing simulation tests for your organization. These tests will send your users topical phishing simulations (without the risk) and determine who the “clickers” are in your organization so that targeted training can occur. Sample emails are kept current with the latest discovered real-world phishing scams, so the tests simulate scams that your users could be exposed to any day. There is a plethora of other advantages to the phishing program we have developed, including video training sessions, specialized email content for quick consumption by users, and dark web scanning to see what data might have already been compromised that you might want to be aware of.
Want to hear more? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.