As we’ve detailed in the past, 2020 has been a year of spear-phishing. Spear-phishing is defined as "the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information." Whereas normal phishing scams may just try to dupe you into logging into your Facebook or Apple account, modern spear-phishing focuses on specific individuals, both to imitate and to "phish." The hacker may choose to spoof the email of a CEO and send a directive to the administrative assistant of the CFO. They mimic not only the email address, but also the language and writing style of the CEO. The aim is to make the correspondence seem as normal and legitimate as possible. And more often than not, it works.

For nearly every cyber security threat, the solution is twofold: technological mitigation and employee education. But educating people about the risks of email scams can get repetitive, and once the basics are understood, it's hard to keep employees engaged.

So, what if you could have your employees actually PRACTICE responding to a scam?

Healthcare Technology Advisors is offering an educational service where we do just that. First, employees are given training on how to detect phishing scams, how to react to suspicious emails, and what preventative measures are in place to protect their networks and computers. Then, an email is sent out (by us) that aims to imitate a trusted source and attempts to get the employees to give up valuable information such as their log-in credentials.

After the test is sent out, we gather all the information and report it back to your practice. This is a great educational tool: it reveals where your practice has security deficiencies, and it is a safe way to train and teach employees about phishing scams.

Everyone believes that they would never fall for a scam, be it from a con man or an email. Until the day they do. Instead of having that day be disastrous for your practice, it could be educational and actionable if done during a bullphishing training exercise implemented by Healthcare Technology Advisors.