Protecting Your Organization From Phishing Schemes: Tips From the FBI

It’s not just the bad actors that we at Core Security want to protect you from; we also want to protect you from yourself. It’s all hands on deck when it comes to securing your systems and the systems you interact with on a daily basis. Everyone has, on average, four devices to keep track of, each with different (or even the same) accounts and a plethora of passwords to remember, all while trying to ensure the proper security measures are in place so the bad guys can’t get in.

All that is to say, you could have the right precautionary measures in place to help reduce the number or size of security gaps within your organization, but all that could be for nothing if you simply open the wrong email.

At the end of 2016, phishing emails were the cause of 91% of cyber attacks. Throughout 2017 we’ve seen that trend carry on, as email remains the leading method adversaries use to infect devices and systems with malware. Just think back to a few months ago when Gmail users were targeted. This isn’t a tactic that is going away any time soon, so it’s time to prepare and learn how to combat it.

Recently, the FBI published a list of ways to combat these attacks, increased awareness campaigns and response plans to phishing schemes from adversaries. Let’s look further into some of their suggestions:

  • Don’t use free web-based email accounts. This is just asking for trouble. With so many people able to access and obtain free web-based email addresses, it becomes a tall order for the providers to ensure everyone with an account is protected. If you are looking for an email domain to use for your employees, go ahead and purchase a domain associated with your business name.
  • Keep firewalls and virus software up-to-date and ensure they are as powerful as possible. Make sure you are downloading your security updates in a timely manner. Those programs push out updates for bug fixes and added layers of security, so not taking the time to update your programs gives a playbook to bad actors who are trying to get their hands on your sensitive data.
  • Report and delete suspicious emails. Don’t open emails that you question – even in the slightest. It’s better to be safe than sorry. If you see something, say something. Even if it’s a false alarm, your IT and Security teams will be grateful that you are looking out for the betterment of your entire organization instead of just trying to sift through your emails as quickly as possible.
  • Encrypt your emails. This applies especially when you are transferring sensitive information. Making sure the sensitive data you’re sharing with fellow colleagues or external personnel is safe is critical for all parties involved.

Though the tips may seem straightforward or simple, it really can be difficult to differentiate between what’s real and what’s being sent from an attacker. It all starts with increasing awareness and testing employees routinely so they are better able to differentiate between potential attacks and everyday emails.

If you’re looking for a tool to help train and test your employees to recognize risky emails, speak with one of our security specialists today about Core Impact and how it can help you and your employees combat the biggest threats out there.