A Good Security Strategy Begins With Phishing Prevention
December 19, 2018
You hear about a different security breach every few weeks, and it’s hard not to wonder how your strategy stacks up against those companies experiencing a crisis. Fortunately, there’s a lot you can do in the area of phishing prevention that goes a long way in protecting your company from a breach.
It begins with employees who are informed about the risk of a breach and how it’s most likely to happen. Your threat or breach may not make headlines; instead, a combination of small but damaging incidents could cause enough headaches and productivity loss that your company suffers. Here are the areas you should concentrate on when teaching phishing prevention:
Email: If a hacker gains access to the email account of a high-level executive, they can use it to send out instructions for a financial transaction.
The fix: You should require multiple authentication steps for any financial transaction, and create company policies that help distinguish a true request from a fake. You should also require staff members to change their passwords on a regular basis.
Ransomware: Hackers install malicious code on the company’s systems that restricts access until the company pays the hacker a ransom.
The fix: Regular backups help ensure that a ransomware attack is far less threatening. You should also ensure that your network security is up to date.
Phishing: In a phishing email, the sender requests personal information in order to gain access to company networks and systems.
The fix: Teach employees the characteristics of a phishing email, such as urgent language or simply receiving an email that they weren’t expecting. You can also invest in a security platform that blocks phishing emails before they reach an inbox.
Dynamic data exchange attacks: Malicious code can be hidden in a file, such as a PDF or a Word document shared through an email. When the file is opened, it activates the code, which installs itself on the network and introduces opportunities for more hackers to access the system.
The fix: Help employees understand the risk of opening a file that they weren’t expecting or that arrives in an unusual format. You can also ensure your security protocols are regularly updated and that email filtering applications prevent these types of attacks.
Voice phishing: This is the analog edition of phishing, with callers attempting to gather personal information, such as PINs or other details, from the employee. In many cases, these callers impersonate representatives from a financial institution.
The fix: Talk with employees about the dangers of releasing information over the phone, and how to tell whether a caller is suspicious. A Voice over Internet Protocol (VoIP) phone system can prevent many of these types of calls by identifying suspicious phone numbers.
To learn more about phishing prevention, contact us at Access One. Serving the Chicago area and beyond, we help businesses like yours protect their networks and data from phishing schemes that can be costly in terms of both financial loss and reputation.