Last week, all employees of GTI were a little scared when they received an e-mail from me with the subject line: Succession plan after confinement. It was a hoax. Léo Bechetoille, our director of technology at GTI, had prepared a fake e-mail for the 80 members of the group to test their cyber security reflexes.
The fake email, generated by Phish Threat, from the leading cyber security vendor Sophos, is used to simulate attacks to raise employee awareness of the dangers of phishing and social engineering. The aim of Phish Treat is not to demonstrate our naivety or anyone’s ignorance, but rather to remind users of the basics of cyber security by offering them a short training video.
A good joke, this test prepared by Leo highlights the fact that no one is safe from hackers who currently use coronavirus as bait to attack personal computers and social networks. Phishing e-mails and text messages, or fake websites about COVID-19, entice Internet users seeking information to click on infected links that bypass protection systems or install malicious software, as stated in an alert message from the U.S. Agency for Cybersecurity and Infrastructure and the U.K. National Cybersecurity Centre.
Within our company, 66% of employees were invited to view cyber security training when they could have put our company at risk. That’s quite something! A test of this nature fits perfectly into an annual awareness plan planned by companies. It is an investment of only a few minutes that can avoid serious operational and financial consequences.
