By Rex Johnson
Phishing has evolved as one of the most notorious and highly effective cyber threat tactics in recent times. Phishing is the malicious practice of impersonating a reputable source in the form of email, SMS text messages, or even phone calls.
Phishing is typically part of a larger attack plan to extract data like passwords, credentials, credit cards, bank account details, and other sensitive information. The purpose is to use the extracted information to gain access to other protected data, networks, or accounts. Phishing has become so pervasive that one security protocol alone would not be an effective form of protection.
Phishing in cybersecurity is an evolving threat that is highly dependent on market trends and consumer behavior and is often targeted at a specific recipient target base.
Often, these phishing emails are sent to invoke a sense of urgency with the recipient. For example, one pretending to be from human resources stating that your new payroll deduction has been approved will get your attention. Or one from your boss on the results of your performance evaluation is designed to make you respond in haste. With the intent to get you to select the link in the email and release the malicious code.
How can we defend ourselves from phishing attacks? Let’s learn some easy-to-understand and easy-to-follow phishing prevention techniques.
Educate Your Workforce
Educating your staff regarding phishing should be a priority. Hackers target less experienced employees through phishing, relying on the fact that they are not so well versed with cyber theft techniques and can easily be intimidated by an email from senior management. Still, even the most experienced employees can fall for phishing. For example, when people multi-task and click on email links while they are doing other things, they become victims. By educating your staff about phishing, its techniques, and how to recognize malicious emails, an organization can reduce the risk. Companies can also organize phishing awareness programs to keep employees updated, alert, and informed.
One of the easiest, most economical, and effective techniques for evading cyber theft is to make passwords difficult to guess. This can be done by routinely updating credentials, generally every 90 days. The passwords should be unique and strong. Another approach is to mandate your workforce to use a passphrase instead of a password. Passphrases are easier to remember than a random grouping of letters, numbers, and symbols and have been proven to be harder to crack. It is also advised to not use same/similar password or paraphrases for multiple sites.
The cyber crime industry is ever evolving, taking advantage of the latest industry trends, consumer behavior, and industry loopholes. Enterprises should understand that they must be one step ahead of hackers to minimize cyber theft. This requires periodic (recommended monthly) updates to security patches and continuous attention paid to new trending cyber attacks.
Often, malicious actors try to get information through other means, like a phone call or email. Organizations should implement a mandatory verification-seeking policy that outlines the requirements and tasks employees must complete before sharing any data, information, funds transfer, file sharing, etc. Employees should be trained to resist responding right away and personally call or check with the department head or supervisor about any such request.
Email is one of the most preferred attack vector for cyber criminals. Enterprises should continuously monitor and reinforce stringent information security protocols to restrict malware attacks. This can be in the form of installing virus/malware scanners for emails, links, downloads, etc. These programs actively block fraudulent emails/attachments, blacklisted email domains, and links to enter any inbox.
This can be another useful way to proactively detect viruses, blank senders, malicious drafts/emails, or suspicious outbreaks. Phishing emails can be caught in the filters and effectively dealt with the right set of actions before they cascade further in various emails boxes within the organizations.
Offering all employees unlimited and unprotected access to sensitive data can cause serious issues especially if that access is not required to perform their job functions. Restrict access to only those who need it. An organization also can implement time-bound access (limiting access to certain time periods) and multifactor authentication to further safeguard against unauthorized access.
Deployment of web filters within the organization’s security network significantly enables filtration and blockage of malicious websites. Also, all sensitive data should be encrypted to apply a second layer of security in case the data is compromised. With remote-working being embraced by most of the IT organizations, it has become necessary to protect their digital assets in the same fashion as they were being protected earlier within the intranet of the office.
CAI’s cybersecurity analysts work with you directly to map out security solutions that align with your most important criteria, including impact, timing, resource availability, deployment, and financial considerations. Click here to get a customized cybersecurity assessment according to your organization’s requirements.
Since COVID's onset, there's been a 300%* increase in cyberattacks (Cobalt). With organizations moving to remote work environments and new technologies, security vulnerabilities and gaps are surfacing due to outdated strategies. This month, the government and its industry partners evaluate cybersecurity measures ensuring data is protected and secure for all Americans. Read the Center for Digital Government's interview with CAI's Rex Johnson, to understand how to implement a strong cybersecurity strategy for the future.Read the article
According to global cyber education company Cybrint, 95% of cybersecurity breaches occur due to human error. Even with security awareness training becoming more commonplace, mistakes still happen. In this article, CAI's Rex Johnson provides tips to help encourage more security-minded habits across the workplace – from the C-suite on down.Read the article
Recent events have brought the risk of the cyber threats to the forefront for both businesses and the U.S. government. A 2020 study from the Ponemon Institute explains that it takes 207 days on average to identify a breach and another 73 days to contain it. Read the full article to learn tactics that will help improve your organization’s ability to address and mitigate risks as well as increase its cyber-resilience.Get the full story