Could you spot a phishing email if one made it into your inbox? I’ll bet you think you could. Most people do, but they’re wrong.
According to a Webroot survey, “While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message.”
Other findings from the survey include the fact that 81% of participants are unaware that they can get phished by something other than email. Other attack vectors include social media, text messaging, phone calls and even video chat.
So, there you have. A false sense of security when it comes to getting phished. But what to do about it?
The common response to revelations like these is to dive head first into employee awareness training. And generally speaking, that’s a good idea. Afterall, there’s no downside to having prepared and alert employees which it comes to phishing attacks.
There’s only one time when awareness training is a bad idea. That’s when the company is on a limited budget and must choose between awareness training and email security software. When that choice has to be made, software is the better one.
Why is that? It’s because even at it’s very best, employee awareness training is only 98% effective. And while that may sound good, if you’re employees receive only 50 phishing emails, you’re company is going to get phished. That’s not very good.
Cloud-based email security with real-time link click protection like that available from DuoCircle can not only keep most phishing emails out of inboxes where employees can’t click on anything, but they can also protect you when one gets through and employees do click on a malicious link.
That’s the beauty of real-time link click protection. No matter when an employee clicks on a malicious link, email security software checks the link and the linked-to website and if it’s malicious, it prevents it from going through.
Training employees to be aware of phishing emails is a smart move. But, if you only have a limited security budget, which most small businesses do, the better investment is cloud-based email security software with real-time link click protection.