Cyber Security Training & Software for Companies | MetaCompliance

Back to Basics #1: Phishing Threats

Cyber security is becoming the latest trend. We’ve all read about the TalkTalk, Dropbox and Yahoo breaches, and breaches like these will only be on the rise in the near future.

As human beings, we are wired to make mistakes, so it is necessary that you educate your staff on what to look out for. You can protect your organisation by making your staff aware that they should avoid clicking on suspicious email links, stop writing their passwords down on a post-it and not connect to public Wi-Fi networks when working remotely.

In this series of blogs, we are going back to basics, so let’s take a look at what types of phishing threats are out there. To arm yourself against a potential phishing attack, you should take advantage of technical barriers but you should also avail of staff awareness. Ultimately, staff awareness will help your staff to recognise the common tactics used by cyber criminals in a phishing email.

  • Phishing

The spam filter on your personal or work email accounts will usually pick up on junk emails but sometimes they can make their way into your main inbox. This is where you need to be able to spot a phishing email. The fact that your spam filter helps you out from time to time and moves spam emails out of your view is both a help and a hindrance. The filter helps you because you aren’t tempted to click on it directly (out of sight, out of mind) but this is hindering you from seeing the tactics hackers will use and thus, may prevent you from noticing the difference between a genuine email and a phishing email.

For example, an individual contacts you to say you have been identified as the last living descendant of a wealthy financier and you are entitled to their fortune. Common sense is right at hand to tell you that this is virtually impossible. Not only that, but you would like to think that you would receive a legal document confirming such news as opposed to an email from a Hotmail account.

If you can spot these warning signs, that’s good. Generalised phishing emails are designed to catch you out, but false promises or poor grammar in the email should alert you to the dangers. But – cyber criminals are becoming cleverer.

A ransomware test is a solution to test your employees on their behaviour towards phishing emails. A simulated phishing software solution can provide management with reports on how employees react to such emails. The reports will outline which staff members need to undertake a phishing training module.

  • Spear Phishing

This is an extremely sophisticated method of phishing. Cyber criminals who send spear phishing emails have done their homework; they will have tailored the email content specifically for you. To achieve this, they will have monitored you and your colleagues on social media and eventually, will use this information to create the perfect email for you which will be used to earn your trust.

The email you receive will appear to be from an individual or company. Throw the personal information that they have gleaned about you into this mix and it is a recipe for disaster. In comparison to a standard phishing email, a spear phishing email will be personally addressed to you and will include information that appeals to you.

What if you received an email signed by your IT Support team to tell you that your email account is running out of space? This type of email seems a bit more plausible. Email signatures can look official, and that’s all well and good, but some things you should be wary of in the body of the email are spelling and grammar, who the email is addressed to (do they refer to you by name or simply “user”?) and any links that are provided.

  • Whaling

This form of phishing attack is directly targeted at senior members of staff and management, but the goal is still the same: to acquire information.

The cybercriminal will mask themselves as a reliable or trustworthy source, much like in spear phishing. However, a whaling attack is designed to trick senior members of staff, as they will more likely have access to important company financial information and possibly even have the ability to authorise financial transactions or payments.

For example, say you are the Senior Finance Manager and you receive an email from your colleague about a few invoices that require approval for immediate payment. They have also attached a zip folder to the email. You automatically panic and your brain goes into overdrive thinking “Did I forget to authorise those? I’m sure I didn’t – I processed all invoices on Monday”. Here, your automatic reaction would be to click on the zip folder attachment and check the invoices to jog your memory.

This is where you need to STOP. Instead of clicking on the attachment, check your own records to see whether the payment was approved. Save yourself a few extra seconds (and your company’s reputation) by checking your records before accessing downloadable content from an email.

If you downloaded said zip folder, it would probably have contained a suspicious file and this would execute dangerous malware on your computer or laptop. This program could even access your network, causing potentially irreparable damage.

Conclusion

Quite simply, phishing attacks can destroy a company at the click of a button. All it takes is one person to click on a link or download an attachment, and your company’s reputation and assets are at risk. To combat the threat of phishing, companies need to invest in educating their staff on what to look out for.

Here at MetaCompliance, we provide phishing simulation software and eLearning content which will ultimately increase an organisation’s sensitivity to fraudulent emails.

Did you know that it only takes one minute and twenty seconds for someone to open a phishing email? Instead, take that time to think before you click.
