9 Top Tips to Prevent Corporate Phishing Attacks
It is vital for all companies to recognise the role their staff play in the security of information. Corporate employees hold the credentials (such as passwords, ID documents, usernames and security clearances) and general knowledge that are of utmost importance to anyone trying to breach the company's security and obtain information. One way in which an intruder can gain this protected information is through phishing. Phishing is any attempt by electronic means to steal sensitive information such as passwords, usernames or credit card details for malicious purposes by masquerading as someone trustworthy. In a business context, this means obtaining the information needed to gain access to otherwise protected networks, data and systems.
Gaining the victim's trust is crucial to the success of this activity, and since we now live in a digital age, gathering the background information needed to appear trustworthy has become much easier than before. Attackers use various methods of phishing, each of which can have a very negative impact on a business and its employees. These include:
- Sending an email containing an embedded hyperlink which redirects the recipient to a non-secure website which requests sensitive information;
- Attempting to obtain information by telephone by pretending to be a member of the IT department or a known business contact;
- Delivering a Trojan horse in a malicious email, via an attachment or advertisement, which lets the sender exploit weaknesses in the victim's system and thus steal restricted information. (A Trojan horse is a malicious computer programme which dupes the user into installing it by presenting itself as a free gift, something useful, something entertaining, etc.)
In order to prevent such abuse, a company can take the following steps to educate its employees about phishing:
- Conduct training sessions on this topic, with mock phishing scenarios;
- Install a spam filter on all company systems which detects blank senders, viruses, etc.;
- Keep all systems up to speed with the latest security patches and updates;
- Install anti-virus solutions, and monitor the anti-virus status on all equipment;
- Use a web filter which blocks malicious websites;
- Make use of a security policy which includes password expiration and complexity;
- Ensure that all sensitive company information is encrypted (this is defined as the encoding of information or messages in such a form that only authorised personnel will be able to read it);
- Require that all telecommuting employees use encryption;
- Convert HTML emails into text-only ones, or disable HTML ones.
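Two of the measures above, checking embedded hyperlinks and converting HTML email to text-only, can be combined in one small check run before a message reaches the reader. The following is an added example written for this article, not code from the original page: it parses an HTML email body, records every link's real target beside its visible text, and flags links that are not HTTPS or whose visible text names a different host than the one actually linked. The sample message is constructed for illustration.

```python
"""Flag suspicious embedded hyperlinks in an HTML email and render it text-only."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkAuditor(HTMLParser):
    """Collects every <a href> with its visible text and builds a text-only rendering."""

    def __init__(self):
        super().__init__()
        self.links = []        # (href, visible text) pairs
        self.text = []         # text-only rendering of the body
        self._href = None      # href of the anchor currently being read, if any
        self._label = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._label = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "p":
            self.text.append("\n")
        if tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((self._href, label))
            # Text-only version: show the real target right after the visible text
            self.text.append(f" [{self._href}]")
            self._href = None


def _looks_like_url(label):
    """True when the visible link text itself looks like a web address."""
    return " " not in label and "." in label


def audit_html_email(html):
    """Return (text_only_body, findings) for an HTML email body."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, label in parser.links:
        target = urlparse(href)
        if target.scheme != "https":
            findings.append(f"non-secure link: {href}")
        if _looks_like_url(label):
            shown = urlparse(label if "://" in label else "//" + label).hostname
            if shown and shown != (target.hostname or ""):
                findings.append(f"link text '{label}' hides real target {href}")
    return "".join(parser.text).strip(), findings


SAMPLE_HTML = (  # constructed sample message, not a real phishing email
    "<p>Dear user, your mailbox is full.</p>"
    '<p>Log in at <a href="http://login.example.net/x">https://mail.example.com</a> '
    'or read <a href="https://mail.example.com/help">the help page</a>.</p>'
)
```

Running `audit_html_email(SAMPLE_HTML)` reports the first link twice (plain HTTP, and visible text pointing at a different host than the real target) and leaves the second link alone.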
These are just a few of the many measures which companies can take against phishing attacks, which threaten their security and integrity. Companies should keep up with current anti-phishing measures to ensure they can recognise and eliminate new threats as they evolve. It is just as important to ensure that all employees are aware of these types of threats and how to avoid them. Properly secured systems and informed staff are key to preventing theft of sensitive data from your business through malicious activities of this kind.