Why you should train your employees to detect and report phishing attempts

Every day, 6.4 billion email-based attacks are sent. Many of these can target you in the workplace[i]. Phishing is the focus of the banking and finance industry during The European Cybersecurity Month.[ii]

Phishing is defined as fake emails where the sender appears to be a legitimate source, tricking you into opening an attachment or clicking on a fake website or to share sensitive information[iii]. 90% of security breaches in the workplace start with email-based attacks[iv].

- We continuously work to strengthen employees' skills and understanding of data security. Among other things, we conduct online and in-person courses and other workshops, so our employees are better prepared to detect and report suspicious content, says Mario Stelzner, Head of IT Infrastructure and Cyber Security at Bank Norwegian.

80 percent of data breaches in the workplace can be traced back to human error. Some of the most effective phishing emails have topics related to HR or information from the human resources department[v]. These attacks can cause a lot of damage, and the best way to reduce risk is to train employees to detect and report phishing attempts.

Stelzner explains that even though Bank Norwegian has excellent security routines and automated defence mechanisms, you never know how well the system works until the system is put to the test.

- We have an advantage in that the bank is relatively small, and employees and management sit close to each other and talk to each other. This makes it easier for us to rapidly react to, and detect, for example, phishing attempts, he says.