Recently it was reported that a new single-click button will mean workers can report dodgy emails directly to the National Cyber Security Centre (NCSC), in a bid to clamp down on cybercrime.
Cybercrime has cost organisations more than £5m in the past 13 months. Among the most common types of phishing seen are employees being tricked into downloading malware that looks like it comes from IT support, clone login pages stealing personal details, and emails containing fake alerts from common workplace software.
<p>It is really positive to see the NCSC make it easier for organisations to flag dodgy emails. According to Mimecast’s recent State of Email Security report, email remains the first source of cybersecurity issues for most businesses. The research found that 42% of IT leaders acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email and that phishing attacks rose 63% in the last 12 months, so it is more important than ever that people are prepared. As we move into a world of hybrid working, this will become even more prevalent as criminal activity moves further online and simple human error will inevitably give way to increasingly more sophisticated impersonation and deception techniques. This new button will hopefully see widespread adoption, as many organisations follow the NCSC’s guidance.</p>
<p>However, for this to be successful, it starts with employees actually understanding what constitutes a dodgy email. This requires cybersecurity awareness training from businesses, to ensure that employees are able to spot and flag suspicious emails. Unfortunately, the Mimecast State of Email Security report found that only 19% of companies currently provide cyber awareness training on an ongoing basis. This needs to improve to ensure employees, of all seniority levels, are not tricked to clicking dangerous links or sharing personal information with criminals. It is also likely that organisations which are more mature from a cybersecurity perspective will not take advantage of this initiative, as they\’ll want to maintain some visibility of the reported items for their own internal purposes.</p>