so if that invoice gets paid in a payment
from the first week of every quarter that’s
when they’ll craft it to be sent and suddenly
it seems like a normal email.
Can you explain the concept of
the human firewall?
So most of the attachments that are opened
are due to individuals. So, educating the
individual is probably the most important
thing to do. So, make them aware of what
they should be looking for.
The problem with a lot of security awareness
programmes is they may be 30 minute
presentations or 10 minute videos that you
have to watch.
Typically people don’t tolerate that sort of
information now in that form, so what we
do with a lot of end-users now is we use very
short punchy videos.
We keep it to three or four minutes and we
use a lot of humour. So we always deliver the
message in a comedy form. So we actually
have a character called Human Error. He’s a
funny guy and he will say things like ‘press
on the link, don’t worry about your email, put
it on a post-it and have the same password
for everything.’ So that humour really
appeals to people and we’re finding it works
incredibly well compared to the traditional
presentation and formal training courses.
I think the other key thing is we’re using real
data nowadays. So in the past we used to
craft these attacks. They used to be done as
penetration tests, or what we call phishing
tests. Nowadays, what we do is we take real
data that’s coming through that’s targeted
at your organisation and we defang it and
forward it on to the users.
So the users can’t cause any issues if they
press on the link, but we can measure the
effectiveness of our training by testing
everybody through the organisation and
then give them a risk score. So in the same
way that the business has a view of risk for
financial losses or anything else we can give
you a risk of the people inside the business
and their prevalence to cyberthreats.
So it’s changed completely. Now, the
content is far more consumable and far more
effective in terms of measuring how risky
your individuals are.
How can a company ensure
its cybersecurity without
becoming a nuisance to the
operation of its employees?
I think the key thing is making sure that
you’ve got intrinsic value, so that as you’re
going through your normal day to day
process where your email comes in, that it’s
just a natural part of your daily activity.
So, for example, if you get something through
that looks suspicious, if you go on to the
menu bar of any application, those features
are there for you to say ‘this looks like a
spam email, can you test it for me?’
So having integrated solutions that are
targeted from a user’s perspective is really
important. So our products focus very
much on having all of that built into the
applications that people are using on a day
to day basis.
INTELLIGENTCIO