From Anthem Healthcare to the Democratic National Committee data breaches have been more widespread and costlier with time. At the start phishing attempts were mostly laughable, misspelled words in broken English about Nigerian prince’s. Today phishing campaigns can produce emails and websites that can’t be distinguished from those they emulate. Still the good guys in technology has stayed mostly current with their counterparts that lie, steal and sometime ruin lives with their crimes. However, one part of the story that has kept email phishing and data breaches alive and well are its potential victims themselves. People, employees who haven’t received proper training and don’t take the time to stop and think before they click inside an email help to perpetuate the spread of malware.
It’s interesting to learn that most phishing sites are up and running less than 24 hours. This gives traditional methods of protection, updates to operating systems and security software, very little chance of staying current. Additionally, phishing sites are not dedicated to that purpose anymore but are hidden within benign domains.
So as phishing emails increase it is imperative for the employees of an organization learn how to “not take the bait”
To follow are some of the most common tips offered to help email users:
- Stay aware! – If you receive an email from someone you know, but it seems out of character, check with the sender for its authenticity.
- Check it out! – If you’re unsure about an email, and the links within it, hover your mouse over the links and it will show you the URL it contains. If it looks to be deceptive delete the email right away. If the web address appears to be right, check it again making sure everything is spelled correctly.
- No unapproved downloads.
- Do not click any links within email without a thorough vetting process of the link. Remember the mantra, when in doubt throw it out!
- Be aware that over 60% of the impersonated companies are either in the fields of technology or finance. Be extra cautious as you receive offers in email from these types of companies.
Strengthening an organization’s IT security policy means moving beyond technologies that are designed to detect the older “static” phishing domain with more advanced and automated technologies. Also, the company’s employees have to be engaged in the fight through awareness training to catch the attacks that get passed the first and second lines of defense.
You can contact me at (513) 227-4131 or firstname.lastname@example.org for specific strategies to join the fight like training your users what to look for!