5 expert tips to prevent phishing attacks
We’ve looked at the latest phishing trends and the costs involved, but what can IT leaders do about it?
Read our blog on what is phishing and how to avoid costly mistakes.
Here are five top tips from cyber security experts on how to keep your business safe:
1. “Use tech and training for a doubled-up approach to phishing prevention”
Rob Mukherjee, Director of Transformation, EveryCloud
There are many benefits to using a two-fold approach to stop phishing. For example, many IT leaders use an Integrated Email Security System (ICES) alongside a Secure Email Gateway. This is a great combination, as ICES solutions go beyond blocking known threat actors, to detect compromised accounts. The API plug-in to the email provider uses machine learning to spot behavioural differences and then alerts users to any differences via a pop-up banner which is difficult to ignore. This extra layer of security, alongside staff training, offers more than 90% protection against phishing.
2. “Train your staff on the latest phishing threats to create a human firewall”
Russell Johnson, IT Business Partner, Brother International Europe
Your staff are the first line of defence when it comes to phishing attempts, so providing mandatory training is critical. This needs to be a varied and ongoing approach as everybody responds differently to phishing attempts on an emotional level and it keeps key information fresh in their minds. By focusing on the human element, it will complement your technical defences as well as adding value to your overall security awareness initiative.
3. “Create a shared culture of responsibility around phishing”
Dan Giannasi, Head of Innovation, Cyber Resilience Centre
Communication is key when it comes to phishing prevention and many IT leaders foster an open team culture. It means that staff are on the lookout for red flags, and they are more willing to discuss any concerns with you. It is important that employees feel comfortable verifying the content of any suspicious emails with the sender via another route such as text. And they are ready to alert the right people if they do click on a phishing email by accident. Once everyone understands the outcome of phishing, they will pull together to actively help prevent any attacks.
4. “Don’t overlook office hardware when identifying phishing threats”
Joshua Ashton, Director, Symposium IT
Office hardware, such as printers, can also be used by phishers. For example, attackers can gain access to sensitive information to create more convincing spear phishing emails. To prevent this, IT leaders often use secure network connections to ensure that all data transmitted over the network is encrypted. You should also regularly check for, and install, security updates and patches for all office hardware. Elsewhere, establish access controls and set permissions for who can access printers and monitor usage. Another good way is to only invest in hardware from a trusted partner. For example, the Secure Print Professional Printer Range from Brother offers triple-layer security.
5. “Put your phishing resilience to the test”
Russell Johnson, IT Business Partner, Brother International Europe
As phishing gets more advanced it’s common to test your IT resilience against potential attacks. Many IT experts invest in a security awareness platform to ‘phish’ staff on new attack vectors which they may be susceptible to. The software also allows IT managers to track phish-prone percentages across the whole business and use a data-led approach to improve performance and identify problem areas. There are new solutions coming to market all the time so keep an eye on the latest innovation as well as evolving any mandatory training to reflect real-life phishing examples.
Click here for more information about Security by Brother.
