An Overview of Phishing from the Accounting Sector

Employee training is an essential long-term defense against phishing attacks, according to David Barton and Kimberly Anderson at UHY Advisors. In an article for Accounting Today, Barton and Anderson note that most cyber attacks depend on phishing or another form of social engineering, so organizations need to focus on educating their employees about these tactics. Organizations should assume they’re already being targeted by these attacks, so they shouldn’t wait until it’s too late.

“Nearly every company will be the target of a cyberattack at some point as long as their doors are open,” Barton and Anderson write. “The better employees are at recognizing a phishing email, the more likely the company will be able to avoid an attack that could damage their reputation and cost them precious time and money. It is essential for companies to have core cybersecurity practices in place and for employees to know what to look for and how to handle it.”

Barton and Anderson note that the average employee receives sixteen phishing emails per month, and only one of these needs to succeed in order to compromise the targeted organization.

“It only takes one click of a mouse on the wrong email to cause damage to a company’s well-being as well as their reputation,” they say. “It is worth investing in the proper training and processes to prevent a mistake that could cost the company millions of dollars. A recent Ponemon Institute study that focused on the cost of phishing and the value of employee training found that training reduced click-throughs on phishing emails between 26 percent and 99 percent, with an average improvement of 64 percent.”

Real-world experience is the best way to learn about these attacks, so organizations should use realistic phishing simulations as part of their training programs.

“Practice is necessary in order for people to be able to recognize phishing scams and learn how to deal with them appropriately,” Barton and Anderson write. “Employees are on the front lines of all phishing attacks. Conducting internal phishing campaigns gives employees the opportunity to practice safely while providing companies a mechanism to track progress. Training and testing employees on phishing recognition skills will decrease the chances of a company-wide breach.”

New-school security awareness training is the best way to gain experiential knowledge of social engineering attacks. If your employees routinely receive realistic but fake phishing emails, they’ll be much less likely to fall for real ones.

Accounting Today has the story:
