Wowrack Blog

3 Step Anti-Phishing Strategy

Kenneth | 6 September 2018 | News & Updates

Phishing attacks are some of the most basic yet effective weapons used against organizations that do not have an anti-phishing strategy. They often lure in their victims by appearing urgent or work-related and, oftentimes, organizations do not have a proper defense against this growing threat.

For this reason, it is important that your organization adopt a 3-part anti-phishing strategy to reduce its risk. The three parts are technical/IT infrastructure controls, end-user controls, and a flow for handling future attacks.

STEP 1: Technical/IT Infrastructure Controls

The first part of the equation is to make sure you have the proper top-level protections in place before any phishing email reaches the end users. This must be done at the server infrastructure level. Services such as Hosted Email Security gateways help with this and provide a host of other benefits that are essential for any company that cares about productivity and security.

Companies can also consider two-factor authentication for public-facing pages that employees have access to. If a company is large enough, it is inevitable that an employee will fall for a phishing attack. Two-factor authentication can help protect company assets when this does happen.

STEP 2: End User Controls

The next part to consider is user education and remediation. For the threats that make it past the proactive measures in Step 1, your next layer of defense should be the employees themselves. Employees should be trained on what to look for and have a thorough understanding of policies regarding how tasks are processed. For example, if you ordinarily receive reports or invoices in a certain manner, employees should be instructed not to open emails that do not fit that standard.

Beyond the education process, some companies opt to bring in email security experts to do pen-testing and bait their employees to see which users interact with a potential phishing email and how. These employees should not be punished but should instead undergo further training.

STEP 3: Establish a Flow

Once an email has been flagged as a phishing attack, it is important to take immediate action against it. Establishing a flow for handling these attacks can ensure that the threat is eliminated and filtered in the future.

A simple flow may include:

  1. A process for easy reporting by employees to the IT team
  2. Investigation by the IT team to determine whether it is an attack, followed by a block
  3. The IT team adding the email to the security suite so that the infrastructure controls can learn and improve

Wowrack’s team is available 24/7 to help your organization establish a plan and to assist in all steps. Contact us today for your no-obligation free consultation.
