Would the offer of a free lunch tempt you to inadvertently put your company’s data at risk?
That’s the type of question on the mind of Paul Burke, Lead Technology Business Partner in Severn Trent.
Paul and his colleagues are continually coming up with interesting ways to better prepare the organisation for potential cybersecurity threats. Something every business must be ready for. Including yours.
Fake phishing to test teams
Phishing emails are sent by cyber criminals to encourage recipients to open files or click on links, so that the criminals can steal identities, take confidential information, or spread viruses.
However, people in Severn Trent Services have been subject to a series of mock phishing attacks orchestrated by Paul and his co-workers. The idea is to prepare them for bogus emails that might come their way in the future. This is one of several initiatives designed to protect the business against cybercrime.
Paul explains: “We’re always looking to ensure our employees remain alert in identifying suspicious emails and not clicking on links they really shouldn’t.
“For example, we sent one email that was disguised as being from a fast-food chain. It told the reader they’d been gifted a free meal. But if they clicked on the link, we told them they’d been fake phished!
“During these mock exercises, if any employee mistakenly opens or clicks on something they shouldn’t, we’re able to give them on-the-spot feedback, guidance, and coaching on how they can identify phishing emails, so they’re much more aware moving forward.”
The fake phishing tests provide important data and insights for Paul and his team. For example, they help them to identify where there are knowledge gaps in the business, or whether the type of device changes a person’s behaviour.
Severn Trent Services get wise
Paul says he’s awarded top marks to people in Severn Trent Services for being wary of suspicious emails that could pose a cybersecurity risk. He’s also seen more reports coming through, which shows the organisation is a very vigilant one.
He adds: “The fake phishing initiatives have been successful in educating employees. They’ve also appealed to people’s competitive side. Everyone’s keen to make sure they’re not the one that gets scammed!
“More exercises are being planned and executed all the time to reflect the changing nature of cybercrime across the industry.”
Cybersecurity and ESG
All organisations, including Severn Trent Services, are being held accountable for their performance against environmental, social, and governance (ESG) criteria.
Paul says: “Cybersecurity is a key factor within an ESG framework.
“From a social perspective, it’s about doing the right thing by our employees, suppliers, and customers by taking extreme care of the data they trust us with.
“From a governance perspective, it’s about having the standards and processes in place to improve our ability to prevent, detect, and respond to external cybersecurity attacks.”
It’s a family affair
Both Paul and his wife work in technology and cybersecurity within the Severn Trent Group.
Paul reveals: “You could say we’re a very cyber-safe household because of our jobs! And we’re very proud to work for a company that has never experienced a data breach.
“That’s no accident. It’s a result of a relentless effort to protect ourselves against cybercrime right across the Severn Trent family.”
Paul’s five top tips for spotting scams in emails
- Think about why you’ve received an email. If you’ve never subscribed to ‘Paul Burke’s Burgers’ for example, consider how likely this company is to have your email details
- If you’ve opened the email, check who it’s really from. For example, if it says the sender’s name is ‘Severn Trent Services’, but the sender’s address is email@example.com – then ask yourself why the two don’t match
- Read the copy in the body of the email. Who are they talking to? What are they asking you to do and why? What’s the standard of English? Does it sound legitimate?
- Hover over the links in the email to see what the names of the web addresses look like and whether they match the name of the company sending you the email
- Check the email signature to see if the details look genuine. For example, names, logos, and contact details
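
The second and fourth tips (sender name versus sending address, link text versus real destination) can also be checked by a mail filter or triage script. The following Python is an added example, not part of the original article or any Severn Trent tooling; the allow-list, the sample message and every domain in it are constructed assumptions, and it expects a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list (display name -> domains it may send from) and a constructed sample.
KNOWN_SENDERS = {"severn trent services": {"corp.example"}}
SAMPLE = '''From: "Severn Trent Services" <rewards@free-lunch.example>
Content-Type: text/html; charset="utf-8"

<p>Claim it at <a href="http://login.free-lunch.example/claim">www.burgers.example</a>
or read the <a href="https://www.burgers.example/terms">terms</a>.</p>
'''

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False   # links holds [href, visible text] pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def bare_host(text):
    # Host in a URL or address-like text, without "www."; None for plain words.
    m = re.match(r"^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?].*)?$", text.strip(), re.I)
    return m.group(1).lower() if m else None

def check_email(raw, known=KNOWN_SENDERS):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    allowed = known.get(name.strip().lower())
    if allowed is not None and domain not in allowed:   # second tip: name vs address
        findings.append(f"sender: {name!r} sent from {domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:                     # fourth tip: shown vs real link
        shown, actual = bare_host(text), bare_host(urlparse(href).hostname or "")
        if shown and actual and actual != shown and not actual.endswith("." + shown):
            findings.append(f"link: shows {shown}, goes to {actual}")
    return findings
```

Links whose visible text is ordinary wording, such as "terms", are not compared, since there is no displayed address to contradict.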