登录查看更多内容

How can you secure remote users against phishing attacks?

由人工智能和领英社区提供技术支持

Phishing attacks are one of the most common and dangerous threats to remote users, who may not have the same level of protection and awareness as on-site employees. Phishing is a form of social engineering that uses fraudulent emails, websites, or messages to trick users into revealing sensitive information, downloading malware, or performing unauthorized actions. As a network administrator, you can take several steps to secure your remote users against phishing attacks and minimize the risks of data breaches, identity theft, or ransomware.

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

1 Educate your users

The first and most important step is to educate your remote users about the signs and consequences of phishing attacks. You should provide regular training sessions, newsletters, or quizzes that cover topics such as how to recognize phishing emails, how to verify the sender's identity, how to avoid clicking on suspicious links or attachments, and how to report suspicious activity. You should also encourage your users to use strong passwords, enable multi-factor authentication, and update their software and antivirus regularly.

添加您的观点

Geofrey Nyangoya

?? IT Support Specialist || ?? IT Executive || ??? Network Security Enthusiast || ?? LAN/WAN Management Expert || ?? Virtual Assistant
举报内容
Provide comprehensive training on recognizing phishing attempts and the importance of verifying the authenticity of emails and websites. Conduct regular awareness campaigns to keep remote users informed about the latest phishing techniques and threats. Implement advanced email filtering and anti-phishing solutions to detect and block phishing emails before they reach the user's inbox. Ensure that these solutions are kept up to date to address evolving phishing tactics. Enforce MFA for remote user access to critical accounts and systems. Even if a phishing attack compromises login credentials, MFA adds an additional layer of security by requiring a second form of authentication.

已翻译

赞
Gary Fagerholm

IT Security Engineer at CeriFi | M365 Teams SharePoint Exchange Online Azure AD Leader | Generative AI Copilot Innovator
举报内容
If possible you should include phishing campaigns against your users to establish a baseline of which users are more prone to fall for phishing campaigns so you can include targeted training for a specific user base.

已翻译

赞

2 Implement email security

The second step is to implement email security measures that can filter out or flag phishing emails before they reach your users. You can use tools such as spam filters, anti-virus scanners, email encryption, and domain authentication to prevent or reduce the chances of phishing emails reaching your users' inboxes. You can also configure your email server to block or warn users about emails from unknown or spoofed domains, or emails that contain malicious content or attachments.

添加您的观点

Jordan Akroyd

PKI Guy | Senior Technical Specialist at BNZ
举报内容
Verified Mark Certificates can provide some extra security which some email endpoints are adopting. This places your logo in line with the email in the inbox. It requires DMARC to be setup.

已翻译

赞
Gary Fagerholm

IT Security Engineer at CeriFi | M365 Teams SharePoint Exchange Online Azure AD Leader | Generative AI Copilot Innovator
举报内容
Proper Dmarc setup and configuration is going to become more prevalent and required moving into 2024 and beyond. Start by ensuring all your spf records for all domains are properly accounted for and configured. Setup dkim for all domains. Them move onto Dmarc config for all domains with confidence from the info you pulled from your spf Co figs as well as knowing that you will run Dmarc in report only mode for a period.

已翻译

赞

3 Monitor your network

The third step is to monitor your network activity and performance to detect and respond to any potential phishing attacks. You can use tools such as firewalls, intrusion detection systems, network analyzers, or log management systems to track and analyze the traffic and events on your network. You can also set up alerts or notifications for any unusual or suspicious behavior, such as spikes in bandwidth usage, unauthorized access attempts, or data transfers. You should also have a backup and recovery plan in case of a successful phishing attack that compromises your data or systems.

添加您的观点

Gary Fagerholm

IT Security Engineer at CeriFi | M365 Teams SharePoint Exchange Online Azure AD Leader | Generative AI Copilot Innovator
举报内容
For most systems you also have the option to setup administrator alerts for anomalies within the inbound and outbound mail routes. Making sure you've setup the proper alerts and that they are functioning properly is key.

已翻译

赞

4 Review your policies

The fourth step is to review your policies and procedures for remote work and security. Your policies should be clear, consistent, and up-to-date in order to reflect the current threats and best practices for remote work. It is important to communicate these policies to your remote users and enforce them with regular audits or checks. Examples of policies to review include how to access and use the company's network and resources remotely, how to handle and store sensitive data and documents, how to report and escalate security incidents or issues, and how to comply with the company's security standards and regulations.

添加您的观点

5 Test your defenses

The fifth step is to test your defenses and evaluate your readiness against phishing attacks. You can conduct simulated phishing campaigns or exercises that mimic real-world scenarios and measure how your remote users react and respond. You can use tools such as phishing kits, email templates, or landing pages to create realistic and customized phishing emails and websites. You can then analyze the results and identify the strengths and weaknesses of your users and your security measures. You can also use the feedback and data from the tests to improve your training, security, and policies.

添加您的观点

6 Update your knowledge

The sixth and final step is to update your knowledge and stay informed about the latest trends and developments in phishing attacks and security. You can subscribe to newsletters, blogs, podcasts, or webinars that cover topics such as phishing techniques, tactics, or campaigns, security best practices, or industry news. You can also join online communities, forums, or groups that share information, tips, or experiences about phishing and security. You can also attend events, workshops, or conferences that offer opportunities to learn, network, or collaborate with other network administrators or security experts.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Rohit Tarang

Associate Manager IT @ HCG | Networking | Cloud
举报内容
Implementing multi-factor authentication (MFA) to add an extra layer of identity verification. Employ a virtual private network (VPN) to secure communication channels and encrypt sensitive data transmitted between remote users and corporate networks. Regularly update and patch all software to address vulnerabilities. Establish clear incident response procedures in case of a phishing incident and conduct simulated phishing exercises to continually reinforce user awareness and resilience.

已翻译

赞

Network Administration

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you secure remote users against phishing attacks?

1

2

3

4

5

6

7

1 Educate your users

2 Implement email security

3 Monitor your network

4 Review your policies

5 Test your defenses

6 Update your knowledge

7 Here’s what else to consider

Network Administration

给文章评分

感谢您的反馈

更多Network Administration相关文章

更多相关阅读内容

How can you secure remote users against phishing attacks?

1

2

3

4

5

6

7

1 Educate your users

2 Implement email security

3 Monitor your network

4 Review your policies

5 Test your defenses

6 Update your knowledge

7 Here’s what else to consider

Network Administration

给文章评分

感谢您的反馈

查看其他技能