phishing

Don’t let your employees get hooked by phishing

21/12/20173 Minute Read

We’ve all been there. Whether it’s browsing Facebook, scanning your Twitter feed, or simply perusing email, curiously worded messages promise great fortunes—or spectacular destruction of your personal worth. While these phishing techniques immediately send our phony detectors into overdrive, not everyone is quite so savvy about these emails’ malicious nature.

Here are a few tips on how to prevent a data invasion due to an overly curious employee.

Diagnose the problem

Phishing attacks are, at their core, a form of social engineering. Someone, somewhere, has carefully picked each word and sentence of that alarming email with the intent of squeezing some sensitive information out of you. Admittedly, some choose their words more carefully than others, but the basic aim is the same: to deceive you into believing they are who they say they are.

After the social engineering aspect of phishing, things get a bit more diverse. These attacks come in forms ranging from social media posts to text messages and everything in between. Essentially, if you can communicate with it, you can phish with it.

Phishing techniques using analogue communication methods are obviously after tangible data: things like financial, identification, and authorisation information. On the other end of the spectrum are more complex attacks through digital means, like email, websites, and social media.

Both are harmful, and both can lead to larger data syphons if they aren’t addressed. In particular, digital techniques can spread malware through entire networks with the single click of an insidious attachment. In organisations with more than a handful of users, this can present a nightmare-inducing dilemma. How can you keep your users from falling victim to these attacks?

3 steps to help users detect phishing

The success of phishing attempts boils down to two things: charisma and gullibility. If the charisma of the enemy outweighs your gullibility, then you’re in for some tough times. With this in mind, you should focus on reducing the gullibility of your users and enlightening them to the suave tactics of phishing experts. For example, most people don’t actually realise that email is one of the easiest forms of communication to defraud. Case in point: this recent news item from CNBC.

Don’t be a victim. A good strategy should generally include the following three steps:

1. Educate

Education can be as simple as showing your users exactly what phishing attacks are capable of. Inform them of the myriad ways in which these attacks are presented and how they can compromise both the user and the organisation.

2. Reinforce

Reinforcing this education is key, especially as attacks continue to evolve. Think outside the box to prevent death by boredom. For example, you could send mock phishing attempts and offer prizes for those users who spot the attack first. Basically, anything to get your users to see things from your perspective in a less monotonous way is good here.

The goal is to fend off grandma syndrome in your users—the types who believe everything they read online—even in an era of fake news. Install a healthy dose of scepticism and generally sound surfing practices in your users, and you’ll be in good shape.

3. Watch

Finally, don’t be afraid to take things into your own hands. Stay proactive by keeping antivirus software, SPAM filters, and security patches current. Look for central solutions to monitor network activity and device health. Since your users’ willpower will likely fail at some point, it might even be worth looking into self-healing infrastructure.

Follow these simple steps, and your organisation will be safer than it was yesterday. Better yet, you won’t walk into work one day and curse when an employee walks up to you with a computer brought down by a sophisticated phishing attack. That’s one more headache avoided.

Tektonika Staff 09/08/2018 3 Minute Read

Are you sending data to your printers securely?

Defending data from hackers, internal threats and malicious third parties has never been easy. The Internet of Things (IoT) has given cyber attackers...

Tektonika Staff 26/07/2018 5 Minute Read

Cybersecurity taps machine learning to do what humans cannot

Researchers are rapidly advancing AI's ability to deliver the always-on, proactive watchfulness needed for today's complex threat environment. Michael...

Tektonika Staff 19/07/2018 4 Minute Read

Prevention or recovery: Where should limited cybersecurity resourc…

As cyber attacks become more complex, a lively debate has emerged on the best defense strategies. Michael Keller, March 13, 2018 A 2013 scheme by...

Leave a Comment

Your email address will not be published. Required fields are marked *