Across the U.S., there have been a number of high-profile cyber breaches that, upon inspection, were the result of phishing attacks. These malicious emails aim to collect personal information and employee credentials to steal intelligence from an organization's network or to install malware such as a data-stealing trojan. Therefore, it's safe to assume email phishing is here to stay.
While there is a regular discussion of how to prevent successful phishing attempts, one of the most successful approaches is ongoing employee training. As noted in the 2015 Verizon Breach Investigation Report, creating a network of “human sensors” through internal education can be just as effective as almost any technology at detecting phishing attempts and ultimately reducing the number of people that fall victim to these attacks.
Below are four “Cs” to keep in mind when implementing an anti-phishing training program into the organization:
- Context – Understanding the context of an email can help determine whether it is from a legitimate source. Make sure to consider any email before opening.
- Content – It is crucial to understand the origin of a hyperlink before clicking on it, especially if any part of it is misspelled. Think Faecbook.com vs. Facebook.com.
- Composition – Usually this will be an important indicator of where or from who this email might originate. For example, if a bank sends an email with no logo, no signature and in plain text, it might be cause to give them a call.
- Communicator – Even if a message comes from a known sender, it is necessary to thoroughly look through the email for the above signs, as some hackers might even have information about people in your network (based on details obtained through of social networks, etc.).
It is also important to look at what information is readily available to hackers when assessing the risk phishing poses to the business. Remember, any information that is public is fair game for a hacker to use against his or her target.
Making employees aware of the impact their Internet footprint can have on security; and using the above tools to monitor incoming emails, enables organizations and employees to further mitigate email phishing across the company and network.