Phishing is the fraudulent practice of sending e-mails purporting to be from reputable companies in order to induce individuals to reveal personal information. Today, these e-mails are sent to obtain information such as passwords and credit card numbers.
Phishing is one of the most popular ways of getting information from users, because there is a lack of training and awareness about phishing and ransomware. According to the research, 6% of users have never received security awareness training, crushing confidence in staff’s ability to recognise threats and act dutifully.
There are steps you can take to minimise the risk of phishing attacks:
Step #1 – Creating a barrier
You must make it difficult for the attacker to reach users. This can be done by implementing anti-spoofing controls to stop your e-mail addresses being a resource for attackers. Consider what information is available to attackers on your website and social media, and help your users do the same.
Tips: Set up training and awareness seminars where users can learn how to spot these attacks. Also, you should filter or block incoming phishing e-mails.
Step #2 – Identifying and Reporting
It is very important to help users identify and report suspected phishing e-mails. Relevant and regular training can help users spot phishing and minimise the risk of being attacked. Create an environment where users can seek help or advice through a clear reporting structure and useful feedback.
Tips: Do not open e-mails when you do not know the sender. Remember to only use your login details on official websites.
Step #3 – Protect your organisation
It is very important to remember that no amount of training can help staff spot every e-mail. You therefore need to protect your organisation from the effects of undetected phishing e-mails. Begin by protecting your accounts. You can make authentication more resistant, for example by setting up 2FA. You can also protect users from malicious websites by using a proxy server and an up-to-date browser.
Tips: Ensure authorisation only gives privileges to people who need them.
Step #4 – Quick Response
Responding quickly can minimise the damage done to your business! You need to define and rehearse an attack response plan for different types of incidents, including legal and regulatory responsibilities.
Tips: Most importantly, you need to encourage users to report any suspicious activity quickly so that actions to prevent an attack can be taken.
At CSE Agency, we not only provide Cyber Security packages, but can also train your staff to identify and report suspicious e-mails quickly and effectively. Most attacks start with a user sharing their personal information on a website which they believed was legitimate but which in fact came from a phishing e-mail.
If you have been breached, do not hesitate to contact our response team and we will be happy to assist.