How to protect against phishing attacks
Phishing and social engineering have become the main sources of cyber security breaches, with phishing using disguised emails as its weapon. The attackers typically impersonate trusted entities, often a real person or company the victim might do business with, as part of their modus operandi. Their aim is to fool the email recipient into believing that the message is something they expected, such as a request from their bank or a note from someone in their company. The attacker's main aim is then to get the recipient to click on a link or download an attachment.
The simplest way to avoid phishing scams is to never click on a link in an email. If you get an email from a bank or your credit card company asking you to follow up on something, you should go directly to their secure website to do it. Alternatively, you should contact them by phone using a number provided on that secure site. Phishing attacks are also often carried out using spam messages, which have never gone away and remain one of the tools criminals rely on because they cost very little and yet yield results.
Employees are still falling for phishing scams, though, no matter how much training they have been given in an attempt to counter this scourge. In the current threat landscape, it is much more cost-effective to focus on training those with access to critical assets in an organisation and to have an incident response plan in place, whilst strengthening internal controls as much as possible. Penetration-testing your organisation to find weak spots and using the results to educate employees also helps to promote a culture of more effective cyber security in the workplace.
While phishing is the primary cause of security breaches, managing and patching internal systems is just as important. Make sure you're always running internet security software that scans the websites you visit to check their reputation, as the Browsing Protection app in F-Secure SAFE does. This solution helps to protect you from harmful websites, even if you click on the wrong things. Applying patches as they are released also creates a hurdle for attackers and forces them to try harder methods of exploitation.
Both individuals and organisations are at risk these days. Almost any kind of personal or organisational data can be considered valuable and at risk of being compromised by someone committing fraud and accessing an organisation's network to obtain the information. Phishing attack protection requires steps to be taken by both users and the IT staff at organisations. For individuals, vigilance and awareness are key, and users should always stop and think about why they're receiving a particular email if it looks suspicious in any way.