5 Tips for Preventing Phishing

You’ve heard that employee errors account for many of the cyber security incidents that cost companies extensive time and money. Phishing is one of the most common ways that intruders prey on employee vulnerabilities, using urgent language or impersonating supervisors to get employees to turn over sensitive information.

Much of the advice around phishing centers on employee training, but a quick lesson on how to recognize the urgent language of a phishing email doesn’t go far enough. In addition to next-level training, here are some tips for preventing phishing attacks at your company:

Go Next Level With Awareness: Don’t stop at just telling employees what to watch for with phishing. Give them specific information about the types of phishing attempts most likely to target them. For instance, when they post on LinkedIn that they have a new job, they immediately put themselves as a potentially easy target for hackers. Hackers know that they are probably a little nervous and an urgent email from a superior is likely to hit a nerve.

Phishing attempts will also be tailored to their role. A developer is likely to receive a phishing email that looks like it’s from Amazon Web Services, while someone on the finance team will receive phishing that looks like it’s from their own bank.

Make it Easy for Employees: Set up your email system so that it’s easier to identify fake emails. If external emails are marked, your employees will have an easier time identifying a supposedly internal email that is demanding credentials or other sensitive information.

Utilize the Best Tools: There are a lot of benefits to adopting a zero-trust network access approach, but some of them are particularly related to preventing phishing. For instance, using multi-factor authentication means that even if an employee mistakenly shares a login with a hacker, that hacker won’t be able to get through the additional step of having to grab a code from a short message service (SMS) text.

Pre-filtering solutions can also prevent phishing emails from ever hitting your employees’ inboxes. A secure web gateway can also block phishing emails with a combination of machine learning, signatures, and heuristics to identify potential problems.

Monitor the Dark Web: If your employees have released information to malicious actors without realizing it, you may be able to detect the information by monitoring for your company name or email addresses on the dark web. Once these vulnerabilities have been detected, you can alert those potentially impacted, as well as change passwords and add more protections to prevent an intrusion.

Have a Plan: Your employees are not ultimately responsible for cyber security; your security team and IT executives are. So make sure that employees have a clear set of instructions for what to do when they realize that they have been the victim of a phishing email.

For more information on how to design a cyber security strategy that includes specific provisions for phishing, contact us at One Connect. From assisting you with training objectives and identifying the right solutions for your security team, we can guide you to a more secure environment.