Businesses worldwide have lost more than $1.2 billion in business due to e-mail scams, according to FBI reports. After experiencing this firsthand, marketing services company Dominion Enterprises focused on training its employees to prevent them from succumbing to such scams. In 2016, Dominion Enterprises (DE) expanded its single Phishing course (launched in 2015) to a comprehensive Cyber Hero Boot Camp learning path.
Program Details
Before building the courses internally, DE’s IT Support director evaluated vendor offerings. The cost to train employees was estimated at $18,000 per year. The vendor training was more generic and impersonal compared to internally developed courses, which use real DE examples and are targeted toward the organization’s employees.
These courses provide real-world examples to help employees discern red flags and avoid getting scammed. The Cyber Hero Boot Camp includes online, self-paced courses on phishing and social engineering, and on helping employees understand their role in and responsibility for avoiding e-mail scams. It focuses on teaching employees how to avoid getting into trouble and what to do if they do.
Some 82 percent of employees have successfully completed the Cyber Hero Boot Camp learning path. Employees found the following content most useful:
- Being aware of some of the tricks used by “social engineers” will help me avoid exposing our systems to malware.
- Checking to see if the link in an e-mail is the same Website you’re going to visit once you click on it.
- General awareness about what to avoid and look for with these phishing attacks.
- Getting a better understanding of how a hacker can get my information and what I can do to protect myself.
- Learning about hovering over links before you click on them in an e-mail.
Results
Here is one example that demonstrates the effectiveness of this training: In August 2016, DE’s Internal Audit department sent a fake phishing-type e-mail to all employees with the subject line, “Dominion Salary Statistics Newsletter.” Eighty-eight percent of employees ignored or deleted it (the right thing to do). The remaining 12 percent either clicked the link, gave up their credentials, or opened the attachment and enabled content.
In addition, DE’s Help Desk tracks how many e-mails are reported as potential scams. In 2015-2016, the number of actual scams was 482. In 2016, the number of scam e-mails in which employees clicked on a link and the number of scam e-mails that reached DE customers were both reduced by 50 percent as a result of this training.
Employee feedback on the Cyber Hero Boot Camp:
- 80 percent of employees said they learned new knowledge and skills and the training improved their job performance.
- 100 percent of employees said they will apply what they learned.
- 60 percent of employees said the training positively impacted the quality of their work.
- 51 percent of employees said their knowledge and skills increased 50 percent or more.