The most common security challenge faced by both companies and individuals in keeping their information secure is a phishing attack. Hackers use phone calls, emails, and social media to steal victim's valuable data such as passwords, debit cards, and any other sensitive data.
In this regard, Lisa Mitchell, the Semalt Customer Success Manager, gives an expert advice on how organizations and individuals can work to avoid and prevent phishing attacks. Find out the responses in this article.
An employee at Chelsea Technologies, Tiffany is a systems engineer. She has over ten years of experience in the IT field having pursued Bachelor's in Computer Science before enrolling for a Master's degree in IT security. According to Tiffany, failing to train employees on information security and not having right tools in place are two mistakes that organizations make. The success of breaching organization's security is dependent on employees because they possess critical knowledge and credentials of an organization. Tiffany thus suggested:
1. Companies should educate workers by conducting training events that feature phishing scenarios.
2. Organizations should employ SPAM filters, which detect blank senders and viruses.
3. Maintain all company's system with latest updates and security patches.
Arthur acquired his B.S degree in Computer Science from New York Institute of Technology before starting a career as a corporate IT director and computer services provider. Presently, Arthur is the Managing Director of LaptopMD. According to him, careless browsing is the worst mistake that organizations make leading them to fall victims of phishing attacks. Thus, Arthur maintains that companies must institute policies that ban certain websites from being accessed on the company's internet network. Importantly, Arthur Zilberman advises organizations to train their workers concerning techniques of phishers. Employees must be cautioned regarding suspicious and malicious email attachments.
Mike is a co-founder of SecurityHim, a security educating and consulting company, which provides cyber security training for customers on topics such as minimizing the risk of information breaches and data privacy. Mike has worked with security and information technology (IT) for over 20 years. Additionally, he speaks internationally on security, governance and risk management. According to Mike, there are several technological and human factors that organizations must consider to prevent phishing attacks. In this regard, Miekle notes that the use of heuristics tool to establish fraudulent emails is the best technological approach. This security solution has the capability of filtering scam messages
Steve is the chief security consultant and the founder of Heath Security Systems. As a security expert, Steve says that companies require a layered and coordinated approach to fighting phishing attacks. This can be achieved by following these simple tips:
Train workers to recognize phishing attacks and avoid clicking on malicious links. For instance, domains that do not match purported company's domain must not be clicked.
Enabling many spam filters to prevent emails from suspicious senders from reaching inboxes of employees.
Companies should employ two-factor authentication to prevent fraudsters who compromise user's credentials from gaining access to the company information.
Organizations should enable browser extensions and ad-ons to prevent internet users from clicking suspicions and scam pages.