9 Steps To Prevent Spear Phishing

Many companies and government organizations are being scammed into wiring money to fake banks. This is not a new issue. Even in 2019, spear phishing is still a common problem.

The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc.

$700,000 Lost to Phishing in Naples, FL

In August 2019, the city of Naples, on the west coast of Florida, was phished into transferring $700,000 from a large construction project. The funds were associated with a construction project to renovate 8th Street South. Security tools are important, but there is a common defense that is being overlooked.

One Mistake Companies Make That Leaves Them Vulnerable To Cyber Attacks

  • Failing to train employees on their role in information security. 
  • Having the right tools in place is critical. Careless internet browsing is another big problem. But the most common mistake is not educating employees on how to spot a threat. 
  • An attacker’s success hinges upon establishing trust with its victims and thereby obtaining protected information via phishing.

What phishing techniques are used by attackers?

  • Including a link in an email that redirects your employee to a non-secure website that requests sensitive information
  • Installing a virus through a malicious email attachment or ad which will allow the intruder to exploit vulnerabilities and obtain sensitive information
  • Spoofing the sender address in an email to appear as a reputable source and request sensitive information
  • Social Engineering – Attempting to obtain company information over the phone by impersonating a known company vendor or partner.

9 steps a company should take to protect itself against phishing

  1. Educate your employees and conduct training sessions with mock phishing scenarios.
  2. Deploy a SPAM filter that detects viruses, blank senders, etc.
  3. Keep all systems current with the latest security patches and updates.
  4. Install an antivirus, anti-malware, or equivalent solution, schedule signature updates, and monitor the antivirus status on all equipment.
  5. Develop a security policy that includes but isn’t limited to password expiration, password length and complexity.
  6. Deploy a web filter to block malicious websites.
  7. Encrypt sensitive company information when sharing over the internet.
  8. Convert HTML email into text only email messages or disable HTML email messages.
  9. Require encrypted connections to the trusted network for employees who are teleworking.
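
To show what the spam-filter step can check for the techniques listed earlier (blank senders, spoofed sender addresses, and links that lead somewhere other than where they claim), here is an added example in Python; it is not code from this article's author. The sample message, its domains, and the flag names are constructed for illustration, and it assumes the Authentication-Results header was added by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain below is made up.
SAMPLE = """\
From: "Example Bank Billing" <billing@examp1e-bank.test>
Reply-To: payments@other-domain.test
To: finance@city.example
Subject: Updated wire instructions
Authentication-Results: mx.city.example; spf=fail smtp.mailfrom=examp1e-bank.test
Content-Type: text/html

<p>Confirm at <a href="http://login.other-domain.test/verify">https://www.example-bank.test</a></p>
"""

# Anchor whose visible text is itself a URL: captures (real target, displayed URL).
LINK = re.compile(r'<a\s[^>]*href="(https?://[^"]+)"[^>]*>\s*(https?://[^<\s]+)', re.I)

def domain(header_value):
    """Lowercased domain of an address header, or '' when missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def host(url):
    """Hostname part of an http(s) URL."""
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()

def phishing_flags(raw):
    """Return the list of warning flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    if not sender:
        flags.append("blank-sender")
    if sender and reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    # Only trust this header when your own receiving server added it (assumption).
    auth = (msg["Authentication-Results"] or "").lower()
    if any(f"{m}=fail" in auth for m in ("spf", "dkim", "dmarc")):
        flags.append("auth-fail")
    # Assumes a single-part message; multipart bodies are skipped here.
    if not msg.is_multipart() and msg.get_content_type() == "text/html":
        if any(host(h) != host(shown) for h, shown in LINK.findall(msg.get_payload())):
            flags.append("link-text-mismatch")
    return flags

if __name__ == "__main__":
    print(phishing_flags(SAMPLE))
```

Messages that raise any flag are good candidates for quarantine or for a warning banner, and they also make realistic material for the mock phishing scenarios in step 1.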

As a result, when attackers get past the security systems, educated users can still prevent the company's information from being exploited.
