Phishing is one of the most prevalent security challenges that organizations face today.
Well over 90% of all cyber-attacks begin with email, according to the latest report from Gartner. Cybercriminals attempt to obtain critical data from organizations and individuals by targeting their login credentials, financial information, company data, and similar assets. A successful attack can jeopardize the entire company.
What is a Phishing attack?
Simply put, a phishing attack is an attempt to collect information from a user under a false pretext, usually via an email that asks the user to take some action. It works in the following way –
- The hacker sends an email to the victim
- The victim opens the email and clicks the website link it contains
- The victim enters their credentials on the fake site
- The hacker uses the credentials to log in to the victim’s actual account
These scams can also make use of phone calls (called vishing), SMS messages (called smishing), as well as social media platforms to deceive users into sharing some crucial information.
Fortunately, there are ways to defend against such scams. Below we list a few measures you can deploy to keep your organizational or individual information safer.
Train your employees –
Phishing only works if the user performs some action, such as clicking on a link. So the first and foremost way of combating this attack is to educate your employees about phishing, the best practices to follow, and the dos and don’ts that avoid a breach.
Develop a strong cybersecurity training program that includes compulsory compliance training, interactive educational workshops, and constant awareness campaigns. You can also include mock simulations to further help employees understand the effect of security breaches on the organization.
Some key points to tell employees –
- Be wary of any email, phone call or text message that asks for important information.
- Do not click on links in any such emails. Hackers often imitate official links to dupe users. Instead of clicking on the link, manually type the address into the browser.
- Exercise caution with your personal info, such as login credentials and bank details.
- Do not download any attachment provided with the email.
Set up safeguards for your organization –
All organizations should have security controls in place that ensure a safe browsing environment for their employees. Some of these can be:
- MFA – Multi-factor authentication is an effective form of protection. It uses additional methods to verify the user, such as a one-time code delivered via text, a physical token, or a biometric check, on top of the usual username and password.
- Anti-virus software – Implement anti-virus software on all systems. It helps prevent the installation of harmful agents on user desktops and laptops. Ensure you monitor and update the antivirus software on all systems, with regularly scheduled signature updates.
- White/blacklisting – Create a pre-approved list of ‘safe’ websites while blocking unsecured sites that could compromise the company if an employee were to access them.
- Email filtering – Set up secure email gateways to filter out malicious emails, blocking your users from receiving phishing emails.
- Website filtering – Web filtering is another way of preventing hackers from reaching your company’s users. This type of software works on the basis of either a web proxy or DNS.
Avoid public networks –
Communication over open, public networks should be avoided, as data shared over such networks is not encrypted. This makes it easier for hackers to obtain credentials, financial data and more. As a company policy, set up a VPN (Virtual Private Network) to provide remote access to employees. A VPN encrypts your data while online, reducing the risk.
Learn to identify attacks –
Ensure that your IT admin team is able to identify phishing attacks. Some of the tell-tale signs to recognize these scams are:
- Nonspecific salutations such as ‘Dear Customer’
- Suspicious or unfamiliar links in the email
- Misspelt words and grammatical errors in the message
- Requests for urgent action, such as ‘You will get money if you click now’ or ‘Your account is breached, act immediately’
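As an added illustration (not part of the original article), the script below turns the four tell-tale signs above into a simple triage check that an IT admin team could run over a suspicious message: it flags a generic salutation, urgent wording, common misspellings, and a link whose visible text shows a different address than its real target. The sample message, phrase lists and misspelling list are constructed for the example; a production mail filter would use far larger lists and a proper spell checker.

```python
import email
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message) that exhibits all four signs from the list above.
SAMPLE_EMAIL = """Subject: Your account is breached, act immediately
Content-Type: text/html

<p>Dear Customer,</p>
<p>We detected unusual activty on your account. Verify now at
<a href="http://login-verify.example.net/reset">https://www.example.com/login</a></p>
"""

# Phrase lists are illustrative; a production filter would use far larger lists and a spell checker.
WORD_SIGNS = {
    "generic salutation": ("dear customer", "dear user", "dear account holder"),
    "urgent call to action": ("act immediately", "click now", "account is breached", "verify now"),
    "misspelled words": ("activty", "recieve", "verfiy", "acount"),
}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags so the shown address can be compared with the real target."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw_message):
    """Return the tell-tale signs found in a raw RFC 822 message (empty list if none)."""
    msg = email.message_from_string(raw_message)
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    signs = [label for label, words in WORD_SIGNS.items() if any(w in text for w in words)]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        shown_host, real_host = urlparse(shown).hostname, urlparse(href).hostname
        if shown_host and shown_host != real_host:  # link text imitates an official address
            signs.append(f"link shows {shown_host} but goes to {real_host}")
    return signs
```

Calling `phishing_signs(SAMPLE_EMAIL)` reports all four signs for the constructed message and an empty list for a plain internal note whose link text and target agree.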
Ultimately, there is no way of blocking cyber-attacks absolutely. However, deploying these best practices can help make your organization safer.
Questions? As the leading cybersecurity distributors in the UAE, we can help! Drop us a message at firstname.lastname@example.org today for a consultation with our experts.