Compliance & Ethics Awareness Week 2025
Ethics and Compliance
With more employees working remotely or in a hybrid environment, the risk of cyber attacks is increasing. More distractions, interruptions and stress can make employees more susceptible to phishing — a common form of cyber crime that manipulates people into disclosing personal or confidential information. Whether the phishing attack takes the form of an email, phone call, text or social media message, the goal is the same: to get people to lower their defenses in order to steal money or identities, or to hack into an internal network.
As part of a comprehensive data privacy and information security program, conducting ongoing phishing awareness training is a proactive way to change employee behavior and keep sensitive information out of the hands of criminals. Employees should know how to recognize the different types of phishing, including:
Spear phishing is a form of phishing where fraudulent emails are sent to targeted individuals or organizations in an effort to access specific confidential information. Criminals often gather information about a target’s workplace or coworkers from social media sites or the internet and then use relevant details to craft an email that appears to be from a supervisor, colleague or manager.
The term ‘vishing’ combines voice and phishing to describe a type of fraud involving a phone call or voice message. Typically, cyber criminals disguise themselves as members of a trusted organization or pose as IT managers or consultants to get individuals to provide personal information or access to the organization’s network. Fake caller-ID information is often used to make the calls appear to be from a legitimate source.
Mobile phishing, sometimes called smishing, uses fraudulent SMS or text messages to trick individuals into giving out sensitive data, such as an account password or Social Security number. The message often includes a link that’s used to steal information or install malware on the mobile device. Smartphones are a particularly tempting target for cyber criminals because they’re commonly used for both work and personal use, and people often don’t realize that their phone can pose a cybersecurity risk at work.
Whether working remotely or onsite, all employees can benefit from training on phishing, a cyber crime that hit 83% of organizations in 2020. As part of an organization’s information security program, training is an effective tool for raising employee awareness of increasingly sophisticated phishing scams and of what they can do (or not do) to keep devices and networks safe.