Phishing. Vishing. Spoofing. Pharming. Smishing. Whaling. No matter what you call it, sending fake messages to trick recipients into divulging company information is a scam that puts businesses of all sizes at risk.
So, how should an MSP approach the topic of phishing? First off, remember that your customers are probably already sufficiently scared—though perhaps not well informed. There are enough ‘ransomware payout’ headlines to read, but they only make people feel more afraid, rather than empowered. What your clients really need is information about threat detection and business continuity in the context of breaches. Above all, they don’t want to have to become a security expert to feel confident in their solution.
Working to educate your customers about phishing threats is one of your greatest opportunities to become their trusted advisor.
Here are some introductory talking points that will help you start and guide a conversation about phishing with your customers:
- Ask phishing awareness and preparedness questions in your routine check-ins.
Add a simple “How are you combatting phishing?” question to your routine customer call or meeting. Then, listen and learn. It’s best to open this conversation on the phone or in person. Email fatigue and inattention are a few of the main levers that phishers use to reel victims in with urgent and insincere messaging tactics.
- Raise customer awareness, but don’t resort to scare tactics.
Awareness is the first line of defense against falling for a phishing scam. Try mapping out a few highlights industry analysts agree on:
- Hackers are sophisticated. Gone are the days of misspelled emails from faraway places looking for emergency funds. Today’s phishing email sounds like it’s from your boss or HR lead, and has prompts hackers know you are likely to reply to.
- Cybercriminals are increasingly targeting SMBs because they know growing companies may not have invested fully yet in threat protection or backup solutions.
- Many companies are still paying high fees (ransoms) for their data. An investment in endpoint security with behavioral analysis that can stop zero-day threats can work like insurance against paying ransomware thieves.
3: Offer security training resources.
Phishing is more of a social engineering scam than a technical one; 90% of successful network breaches are caused by human error. And your customers’ employees are their weakest cybersecurity links.
You have a huge opportunity to differentiate yourself as an IT partner and bring even more value to your customers if you also offer employee training and awareness resources to help them combat the social side of phishing.
By providing training that includes phishing simulations, IT courses, security best practices, and data protection and compliance training, you can significantly reduce your customers’ risk, decrease infections and related help desk costs, protect their reputation and help secure their overall cybersecurity investment.
Click here to learn more about predictive cybersecurity layers for endpoints, networks, and end user education.
By Steve Lowing
By Meaghan Moraes