Phishing scams are attempts by cybercriminals to trick users into performing some type of action like clicking on a link, entering credentials, opening an attachment or even making changes to a company’s process. They can result in ransomware, installation of malicious software, stolen credentials, theft of money, data loss or even identity theft. Phishers exploit common reactions, like trusting people you know, to trick you into doing something that you normally wouldn’t. In this blog, we look at simple steps to prevent, respond, and learn from phishing scams.
Prepare by enhancing your technical defenses and viewing your workforce as an extension of your security team. Setting up proper spam filters, a secure email gateway, standard email authentication protocols (like DMARC, DKIM or SPF) and other technologies is key to stopping phishes from reaching inboxes. It only takes one click from one person to potentially create havoc.
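To make the "standard email authentication protocols" point concrete, here is an added example (not code from the original post) that checks whether a domain's SPF and DMARC records actually tell receivers to reject spoofed mail. The record strings, domain names and addresses are constructed sample values; a real check would fetch the TXT record at the domain apex (SPF) and at _dmarc.<domain> (DMARC) with a DNS resolver. The weak pair shows the common misconfiguration (SPF ending in ~all, DMARC p=none), and the strict pair shows the corrected policy.

```python
"""Assess SPF and DMARC policy strength from DNS TXT record strings.

Added example, not code from the original post. All records below are
constructed samples for a hypothetical domain.
"""
import re

# Constructed sample records: a permissive pair and a strict pair.
WEAK_SPF = "v=spf1 include:_spf.mailer.invalid ip4:203.0.113.0/24 ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example-corp.invalid"
STRICT_SPF = "v=spf1 include:_spf.mailer.invalid ip4:203.0.113.0/24 -all"
STRICT_DMARC = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example-corp.invalid; adkim=s; aspf=s"

# Mechanisms that cost a DNS lookup during SPF evaluation (RFC 7208 caps these at 10).
LOOKUP_RE = re.compile(r"[+\-~?]?(include|a|mx|exists|redirect)(?=[:/=]|$)", re.IGNORECASE)


def parse_spf(record: str) -> dict:
    """Split an SPF record into its mechanism list and the qualifier on 'all'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = terms[1:]
    # '-all' = fail, '~all' = softfail, '?all' = neutral, '+all' or 'all' = pass.
    all_qualifier = None
    for term in mechanisms:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qualifier = m.group(1) or "+"
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value;' pairs from a DMARC record into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess(spf_record: str, dmarc_record: str) -> list[str]:
    """Return findings about weak settings; an empty list means the policies are strict."""
    findings = []
    spf = parse_spf(spf_record)
    if spf["all"] is None:
        findings.append("SPF has no 'all' mechanism; unlisted senders are not rejected")
    elif spf["all"] != "-":
        findings.append(f"SPF ends with '{spf['all']}all'; only '-all' asks receivers to reject spoofed mail")
    lookups = sum(1 for m in spf["mechanisms"] if LOOKUP_RE.match(m))
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups; the limit is 10 (permerror)")

    dmarc = parse_dmarc(dmarc_record)
    policy = dmarc.get("p", "none").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy is p={policy}; spoofed mail is only reported, not blocked")
    if int(dmarc.get("pct", "100")) < 100:
        findings.append(f"DMARC pct={dmarc['pct']}; only part of the failing mail gets the policy")
    if "rua" not in dmarc:
        findings.append("DMARC has no rua= address; you will receive no aggregate reports")
    return findings


if __name__ == "__main__":
    for label, spf_rec, dmarc_rec in (("weak", WEAK_SPF, WEAK_DMARC), ("strict", STRICT_SPF, STRICT_DMARC)):
        print(label, assess(spf_rec, dmarc_rec) or ["no findings"])
```

Running it reports two findings for the weak pair (softfail SPF and a monitoring-only DMARC policy) and none for the strict pair. Moving from p=none to p=reject should be done after reviewing aggregate reports, since any legitimate sender missing from SPF or not DKIM-signing will be rejected too.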
Train your employees on what phishing scams are and how to identify them. If possible, test their ability to spot them and reward them when they do. Encourage your people to report suspicious emails to your security team, and give them an easy way to do so. Don’t let phishing or security become a once-a-year topic; keep the conversation going.
What should you do if your organization falls for a phishing attack?
Remember, phishing scams are designed to trick you. You may have implemented the best anti-phishing countermeasures and awareness programs, yet still have a user fall for a phishing scam. It happens. What’s most important is that you are prepared to respond.
Consider these recovery steps and work with your cybersecurity teams to build an appropriate response and recovery plan for your organization:
Contain potential exposure
If a user interacts with a malicious phishing email, isolate the machine and ensure that your cyber team gains access to investigate.
Force the user to change their password. Depending on the context, it is smart to change all of the user’s passwords, as you may not know the extent of what may have been compromised.
Follow your incident response process
A phishing attack is a type of cybersecurity incident. Follow your incident response processes, which should include steps to identify the phishing email, locate it within other users’ inboxes, remove it from those inboxes, investigate the impact and triage it accordingly.
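The step above that is hardest to do by hand is locating the same phish in other users' inboxes, because the sender often varies the subject line per recipient. The following is an added example, not code from the original post, that pivots on the indicators of the reported message (sender address, subject, URLs in the body, and the gateway's Authentication-Results header) to find copies elsewhere. The mailboxes, addresses, Message-IDs and URLs are constructed samples; in a real environment the mailbox source would be your mail platform's search API and removal its delete call.

```python
"""Find copies of a reported phishing message across other mailboxes.

Added example, not code from the original post. Messages are constructed
RFC 5322 text with .invalid domains.
"""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# The message a user reported (constructed).
REPORTED = """\
From: "IT Helpdesk" <helpdesk@example-corp.invalid>
To: alice@example-corp.invalid
Subject: Password expires today
Message-ID: <phish-001@mailer.invalid>
Authentication-Results: mx.example-corp.invalid; spf=fail; dkim=none; dmarc=fail

Your password expires today. Renew at http://login.example-corp-sso.invalid/reset
"""

# Other users' mailboxes (constructed): one exact copy, one legitimate mail, one variant.
MAILBOXES = {
    "bob": [
        """\
From: "IT Helpdesk" <helpdesk@example-corp.invalid>
To: bob@example-corp.invalid
Subject: Password expires today
Message-ID: <phish-002@mailer.invalid>
Authentication-Results: mx.example-corp.invalid; spf=fail; dkim=none; dmarc=fail

Your password expires today. Renew at http://login.example-corp-sso.invalid/reset
""",
        """\
From: carol@example-corp.invalid
To: bob@example-corp.invalid
Subject: Lunch?
Message-ID: <legit-001@example-corp.invalid>
Authentication-Results: mx.example-corp.invalid; spf=pass; dkim=pass; dmarc=pass

Noon at the usual place?
""",
    ],
    "dave": [
        """\
From: "IT Helpdesk" <helpdesk@example-corp.invalid>
To: dave@example-corp.invalid
Subject: Action required: password
Message-ID: <phish-003@mailer.invalid>
Authentication-Results: mx.example-corp.invalid; spf=fail; dkim=none; dmarc=fail

Please renew at http://login.example-corp-sso.invalid/reset before 5pm.
""",
    ],
}


def parse(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=policy.default)


def indicators(msg: EmailMessage) -> dict:
    """Extract the fields worth pivoting on: sender address, subject, body URLs, Message-ID."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    return {
        "from": email.utils.parseaddr(str(msg["From"]))[1].lower(),
        "subject": str(msg["Subject"] or "").strip().lower(),
        "urls": {u.lower() for u in URL_RE.findall(text)},
        "message_id": str(msg["Message-ID"]).strip(),
    }


def auth_failed(msg: EmailMessage) -> bool:
    """True when the receiving gateway recorded an SPF or DMARC failure."""
    results = str(msg["Authentication-Results"] or "").lower()
    return "dmarc=fail" in results or "spf=fail" in results


def find_copies(reported_raw: str, mailboxes: dict) -> list:
    """Return (mailbox, Message-ID, reasons) for each message sharing indicators with the report."""
    ref = indicators(parse(reported_raw))
    hits = []
    for owner, raws in mailboxes.items():
        for raw in raws:
            msg = parse(raw)
            ind = indicators(msg)
            reasons = []
            if ind["from"] == ref["from"]:
                reasons.append("same sender")
            if ind["subject"] == ref["subject"]:
                reasons.append("same subject")
            if ind["urls"] & ref["urls"]:
                reasons.append("shared URL")
            if auth_failed(msg):
                reasons.append("authentication failed")
            # Require a content indicator (sender or URL), not only a failed auth
            # result, so unrelated misconfigured mail is not swept up with the phish.
            if "same sender" in reasons or "shared URL" in reasons:
                hits.append((owner, ind["message_id"], reasons))
    return hits


if __name__ == "__main__":
    for owner, message_id, reasons in find_copies(REPORTED, MAILBOXES):
        print(f"{owner}: {message_id} ({', '.join(reasons)})")
```

Both phishing copies are found, including Dave's variant with a different subject, while Carol's legitimate message is left alone. The list of Message-IDs is what you would hand to the mail platform for removal, and the reasons column is the evidence to keep for the incident record.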
Look for malware
Use your monitoring tools to scan the user’s computer and your network for malware, suspicious activity or anomalies.
Depending on the nature of the phishing attack, if the user divulged any personal information, the user may want to set up fraud alerts with appropriate credit-monitoring bureaus. If the phishing attack spoofed or impersonated a real company, share that information with the other company so they can alert other users as well.
Take time to learn
As with any cyberattack, the lesson learned from an attack is often more valuable than the data the cybercriminal has stolen. Keep a list of lessons learned and evaluate your existing processes and controls to determine if you could do anything differently. And take the opportunity to ramp up your phishing awareness for your users.
Phishing is the top attack vector used by cybercriminals; it relies on human psychology to convince a recipient to take some type of action. Get ahead of it by setting up your defenses and preparing your employees to help spot a phish. Ask us how (248)357-3980.