Of all the weapons in a cybercriminal’s arsenal, phishing remains one of the most popular and perilous. Using this technique, hackers will attempt to acquire information such as usernames, passwords, and credit card details via electronic communication by masquerading as a trustworthy entity.
Security software firm Symantec says that phishing attacks are indiscriminate against both large and small businesses, with the number of campaigns targeting employees going up by 55% in 2015. But if you haven’t implemented the following measures, your organization and employees could be next.
Implement SPF (sender policy framework)
“The idea of SPF is that a special DNS record is created for your domain, which lists the IP addresses of servers that are allowed to send mail from your domain,” says Hayden Smith in a blog post by 100TB, a provider of Web hosting services.
“When a mail server that checks SPF receives email from someone, it will then perform a DNS lookup for the SPF record for the domain. This enables it to see which servers are authorized to send email.”
By implementing SPF, you can stop spammers or phishers who appear to be sending email from your domain but are actually using random compromised servers, provided the receiving server checks the record. It can also increase the trustworthiness of your email and reduce spam scores.
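To make the lookup-and-compare step concrete, here is a small offline SPF evaluator written for this article; it is not 100TB's code, and the zone data and IP addresses in it are constructed sample values, not real records. It implements the ip4, ip6, include and all mechanisms, which is enough to show how a receiving server decides whether a connecting IP is authorized for a domain.

```python
import ipaddress

# Constructed sample zone: domain -> SPF TXT record (not real DNS data).
SAMPLE_ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
                   "include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.25 ~all",
}

# Qualifier prefix -> SPF result when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=SAMPLE_ZONE, depth=0):
    """Evaluate sender_ip against the SPF record published for domain.

    Returns pass, fail, softfail, neutral, none or permerror. Only ip4,
    ip6, include and all are supported; mechanisms that need further DNS
    queries (a, mx, exists) are skipped in this offline demonstration.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # mechanisms default to "+" (pass) when unqualified
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]  # catch-all decides unmatched senders
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            try:
                # Mixed-version comparisons (v4 ip vs v6 net) are simply False.
                if ip in ipaddress.ip_network(arg, strict=False):
                    return QUALIFIERS[qualifier]
            except ValueError:
                return "permerror"  # malformed address/prefix in the record
        elif mech == "include":
            # include matches only when the referenced domain yields "pass".
            if check_spf(arg, sender_ip, zone, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.25", "203.0.113.7"):
        print(src, "->", check_spf("example.com", src))
```

A receiving server with SPF checking would reject or flag the "fail" case, which is the phisher relaying from a server the domain owner never listed.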
Introduce various security layers
“Employ a layered security approach around your company’s assets and accounts,” recommends Avivah Litan, vice president and distinguished analyst at Gartner. “Organizations should start with relatively strong user authentication that requires more than a user ID and password to gain access to accounts.”
Litan goes on to advocate fraud detection and monitoring for sensitive applications, which compares user and account activity against profiles of normal behavior and keeps those profiles current using predictive fraud-scoring models.
Litan also argues that out-of-band transaction verification, which asks users to validate high-risk transactions via a communication channel different from the one used to process the request, can be another highly effective layer.
Educate employees about phishing
Even though there are several applications and pieces of software you can install and employ, much still depends on whether an individual can be tricked by a phishing attack. Therefore, it makes sense to educate your employees about phishing. Advice for staff to follow includes:
- Never use links in an email to visit a website unless you’re absolutely sure they are authentic. A much more secure alternative is to open a new browser window and type the URL directly into the address bar.
- Never submit confidential information via forms embedded within email messages, as senders can track this easily.
- Be wary of generic-looking requests, such as emails that are not personalized, do not contain information relevant to the individual, or threaten to close an account, delay services, etc.
- Be wary of emails asking for confidential information, because legitimate organizations will never send such requests over this medium.