Phishing Final Post: How to Fight Phishing
This is Part 3 of a 3 part blog series on Phishing.
Given the ways in which phishing attacks occur, it should come as no surprise that companies today need both technical tools and user education to combat these attempts. Your IT security professional, whether internal staff or an external consultant, should provide a multi-pronged strategy which includes both.
SECURITY: Your IT infrastructure should have advanced email security to ensure that as many phishing emails as possible are filtered out before they reach end users. The more useful tools can filter out a wider range of spam to reduce relying on end users to combat phishing. Further, firewall and intrusion detection systems to be deployed to help detect and mitigate successful phishing attacks.
EDUCATION: Training users to recognize and guard against phishing attacks is key, and often over looked by businesses. How to spot phishing attacks, simulated phishing email tests, and specific policies on how to deal with executive level emails requesting fund transfers, should be key components of employee training.
Every new employee should be provided with a thorough education on your IT policies regarding email use, how to respond to emails, and what to do when a suspicious email arrives in their inbox.
Companies need to ensure that their IT security tools are up to date, and that their IT team is monitoring the success rate of tools, education and training, as well as providing ongoing efforts to spot phishing attacks as they grow more sophisticated. With this multi-pronged approach, the risk of phishing can be significantly reduced.
Do you know if your email infrastructure is set up to guard against phishing attacks? Get in touch with us for more information on how to mitigate your risk.