Phishing & Training Services for Investment Firms: Outsmart Cybercriminals, Empower Employees
In an alert posted to its website, the U.S. Federal Bureau of Investigation (FBI) stated that phishing email scams requesting wire fraud transfers have cost firms more than $2.3 billion in losses since 2013.
At the root of a phishing email scam is in-depth reconnaissance during which the cybercriminal delves into employees' personal information and the organization’s processes. During this phase, schemers phish languages within email threads and obtain enough information to pinpoint money-managing employees within the firm. Equipped with this insider information, the criminal sends a spoofed email, assuming the identity of the firm’s CEO or other senior executive, to an employee responsible for managing funds and requests an illegitimate wire transfer. Typically, the message will relay a sense of urgency – a key factor in the fraud's success.
According to the FBI, these email scams have increased by 270 percent (%) since January 2015. With the rise of these incipient, sophisticated attacks, the need for fully managed phishing and training programs grows exponentially. Breaches will happen, but when employees are provided with the tools and knowledge needed to recognize fraudulent emails, risk decreases and a firm’s defense system becomes stronger and more agile.
What is included in a cybersecurity training program? Examples of curriculum materials include the following:
Phishing Email Tests: Mock phishing emails disseminated to employees across a range of current, relevant topics.
Landing Pages: Upon receipt of a phishing test and taking action (i.e. clicking), users are brought to a landing page which may ask users for login credentials or provide in-the moment training.
Interactive Online Training: Sessions cover a variety of security topics including awareness training, cyberattacks, types of phishing and more.
Reporting: Advanced phishing training services will provide quarterly reports benchmarking employee vulnerabilities, phishing and training results, user actions, etc.
When it comes to protecting your hedge fund’s assets, employees can become your strongest shield of protection. Take action today as the cost of inaction drastically outweighs the upfront cost of cybersecurity.