See Yourself in Security: Protection against Phishing Attacks starts with you!
TekMonks' focus continues for Cyber Security Month with the theme "See Yourself in Cyber," where the focus is on people and their impact on Cyber Security.
Phishing schemes might be the perfect example of the importance of people and their activities in Cyber Security. For those who may not know, phishing schemes are when cyber criminals send out emails from what appear to be trusted sources to retrieve information from the user, such as credentials to access work and personal applications, or to solicit money or rogue services from the receiver.
Think you are too smart to be a victim of a phishing attack? So did I, but I almost fell for a scheme that used an email from a colleague that sounded very legitimate. To read more about social engineering schemes on the internet, review our recent article on LinkedIn, "What Are Social Engineering Attacks?"
The first thing to remember is that no legitimate service would request valid user credentials in an email or, frankly, on the phone. Second, if a request for money appears to be from family or friends, be wary of the legitimacy of that request.
In this day and age of more innovative cyber-attacks, such as those leveraging artificial intelligence, you might think phishing lacks the sophistication to make it a major security issue. However, that simplicity is what makes it so popular and successful for cyber-attacks. The Cisco 2021 Cyber security threat trends report states, "It targets the weakest link in the security chain: the user. Phishers usually masquerade as a trustworthy entity in an electronic communication. That’s probably why it accounts for 90% (that’s not a typo) of data breaches."
Combating phishing schemes requires all users to be vigilant about learning to detect and not react to phishing emails. This can be challenging for us all, as many of these attacks come from what appear to be legitimate sources, making it difficult for security solutions to stop them.
What can a user, the people in cyber, do to help protect themselves from phishing schemes?
There is an FTC site focused on best practices to protect yourself from phishing schemes. Below is a summary of their recommendations.
Learn how to recognize a phishing scheme. Simply put, be suspicious of emails that appear not to be accurate, that seem too good to be true, or that ask for information and could create security exposures. Also, a From line that shows a legitimate source is not proof: many times, if you look at the actual email address, you will see it is not coming from the company mentioned in the email.
Keep the software on your computers, smartphones, and devices up to date. Whether you are a Windows, iPhone, or Android tablet user, make sure that you keep the software up to date. Vendors are constantly updating it for security concerns and working on updates to help users stay a step ahead of the cybercriminals.
Leverage security software to help protect against phishing attacks. Whether it is anti-virus and malware protection software or other security solutions available to you, leverage their ability to block rogue email and URL attacks.
Use multi-factor authentication when offered by applications and cloud services. Once you realize that you were a victim of a phishing scheme, it will be comforting to know the attackers need an additional authentication factor to access the account they are attempting to compromise. It allows you to change your password and ensure their scheme failed after all.
Back up key data and information. Finally, ensure you are backing up key personal and work files and information so that if a successful phishing attack were to impact your computer, you would not lose any information.
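The check described under "Learn how to recognize a phishing scheme" (compare what the From line displays with the actual email address) can be automated. The following Python sketch is an added example, not part of the original article or any TekMonks product; the brand-to-domain map, the function names, and the sample headers are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> legitimate sender domains (constructed; maintain your own).
BRAND_DOMAINS = {
    "example bank": {"examplebank.example"},
    "contoso payroll": {"contoso.example"},
}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_ok(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def check_from(raw_message):
    """Compare what the From line displays with the address actually used."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["From header has no parsable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    # Display name uses a known brand, but the address is in another domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not domain_ok(domain, allowed):
            findings.append(f"name claims '{brand}', address is at {domain}")
    # Display name is itself an email address in a different domain.
    shown = ADDR_IN_NAME.search(display)
    if shown and shown.group(1).lower() != domain:
        findings.append(f"name shows {shown.group(0)}, address is at {domain}")
    return findings

# Constructed sample headers (reserved .example/.test domains).
SAMPLES = {
    "legit": 'From: "Example Bank Security" <alerts@examplebank.example>\n\nhi',
    "lookalike": 'From: "Example Bank Security" '
                 '<alerts@examplebank.example.account-verify.test>\n\nhi',
    "addr_in_name": 'From: "payroll@contoso.example" <hr@mailer.test>\n\nhi',
    "subdomain": 'From: "Contoso Payroll" <noreply@mail.contoso.example>\n\nhi',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw) or "no mismatch")
```

The "lookalike" sample shows why the comparison must anchor on the end of the domain: the brand's real domain appears inside the address, but only as a subdomain label of an unrelated domain.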
How can companies protect their employees and confidential data and applications from phishing?
Educate employees on identifying phishing emails and schemes and on following the steps above to protect themselves and the company. Cyber teams try to be a step ahead of cyber criminals because phishing emails often appear to be from valid email addresses and domains, making it very difficult to protect the whole company from the attacks.
Keep up with and update email filters to block known and suspected email addresses and domains.
Ensure software on all systems is kept up to date, especially antivirus software.
Implement a firewall, such as TekMonks Smart Firewall, that can maintain a list of bad links to block known URLs in these phishing emails from being opened.
Report phishing attacks, whether they target you personally or your business. The more people and companies know about specific attacks and their sources, the less likely the attackers will succeed with their next victim. The FTC article linked above has the steps and links to report phishing breaches.
At TekMonks, we have a suite of security solutions that can help proactively respond to and prevent attacks. To learn more, review Brian Silverman’s recent article on LinkedIn for TekMonks focused on Cyber Risk and Attacks can Start on the Inside!
If you want to discuss further how to prevent phishing attacks or learn more about TekMonks security solutions, contact the TekMonks team at [email protected].