All companies and government offices work diligently to provide and deploy the best and most up-to-date security on the market. Canada's Justice Department operates no differently and, following some internal testing, they are taking a long look at employee email habits.
Security check goes awry
The Canadian Press reported that department officials conducted a mock phishing scam involving some 5,000 employees, last December. When the results came in, it was revealed that nearly 2,000 staffers actually clicked on a phony email link. Now, according to the article, department officials have some serious concerns about the safety of critical and sensitive information.
The news outlet said the email and phony link looked real and the rate of employees accessing the email, 37 per cent, was far greater than that of the general public which, Justice Department figures showed, only clicked on phishing emails 5 per cent of the time. No actual privacy breaches linked to phishing emails have occurred within the department, said spokesperson, Carole Saindon.
More security tests are planned
Saindon, quoted by the Canadian Press, indicated that more tests are planned for July, August and October and that they will be increased in sophistication each time. More than 156 million phishing emails are sent each day around the world, according to the government, and if clicked on, private information, passwords - even financial information - can get into the hands of thieves or other criminals. Saindon also mentioned other mailings sent during February and March showed that employees were getting smarter as the number of clicks dropped significantly from the December test.
What's a consumer to do?
In Canada, the federal government has created a website designed to show consumers how to protect themselves against phishing and other scamming tactics. Get Cyber Safe covers a number of safety and security issues regarding the Internet. According to the site more than 1 million Canadians have entered personal, financial or otherwise important and vital data on websites they couldn't verify.
Common sense is a good way of protecting data, says the site. Don't click on unknown emails and never enter passwords or vital information on any unfamiliar site. Chances are good that the information will go straight into the hands of malicious individuals or organizations looking to steal assets and identities.
The Justice Department added that being vigilant, careful and knowing not to open emails from unknown senders can keep business and consumers safe from attacks from unscrupulous Internet operators.
By the way, of the Justice Department's 5,000 employees nearly half of them are lawyers.
Makes one wonder how many lawyers it takes to click on a phishing scam.