#HowTo Develop a Detection and Response Strategy for Email Phishing

Written by

Losses accounting to over $48 million from 26,379 victims of phishing scams were recorded in the Federal Bureau of Investigation’s Internet Crime Complaint Center’s (IC3) 2018 Internet Crime Report. Over the years, phishing has turned into a viable business for cyber-criminals.

According to the State of the Phish 2019 Report by Proofpoint, 83% of global security respondents had phishing attacks in 2018 alone.

Cyber-criminals, scammers or hackers make use of phishing techniques for various reasons. Some use it to compromise your bank account to steal money from you, others use phishing schemes to spread malware and steal trade secrets or other information sensitive yet crucial to your business. Whatever their purpose, it’s rarely for any good. So how do you prevent phishing?

As a business owner, you have to make sure that you’re on top of the situation when it comes to combating phishing attacks. This means that you need to get your employees on board to help prevent phishing too. For this you need to develop a strategy.

Every efficient phishing prevention strategy requires that everyone is fully aware of what phishing is and the harm that it can cause, detect any current attacks, and stay alert for any possible phishing attack. For this to happen, here are three things that should be part of your strategy.  

Have the right tools in place
Now that you know what phishing attacks are and that they are going to be a problem, the next thing you need to do is to lay down the right tools to protect your computer from phishing attacks.

Thankfully, there is anti-phishing software to keep the phishing schemes at bay. Something as easy as installing a credible and efficient anti-virus could be all you need to protect your computer from attack.

Once you have the software running, it can detect any vulnerability, identify malicious activity from existing malware in the system and neutralize any malware that is in phishing emails. Some software examines your emails to detect anything suspicious that was sent along with it.

Train your employees on their role in information security
Once you have the right tools in place, educating your employees about their roles when it comes to information security stands at the heart of combating phishing attacks. The reason for this is simple: aside from being the first point of contact for phishing schemes, employees are the bridge between the scammer and the company. Thus, if they know what they have to do to protect themselves from possible phishing scams, then so will the business.

So what role does an employee play when it comes to information security? One of the most important roles employees play is to protect the company’s sensitive information. Thus, it’s important to raise your employee’s awareness of phishing. Protecting the company’s information comes with increasing their awareness of what phishing is and how scammers use phishing as a means of getting the sensitive data that they want.

This means that your employees need to learn that they have to be wary of the kind of emails they receive as well as the links and attachments that may accompany a suspicious email.

Enlighten employees on how they can take action
When you get a phishing email, it will get you to click on a shortened link, download an attachment or disclose your sensitive data. Employees who understand the dangers of phishing emails will be more cautious when an email hits their inbox.

Putting your employees through constant cybersecurity training or orientation at work will help them be more wary when it comes to the kind of emails they get.

Good news is that phishing emails leave clues. Some phishing emails have spelling and grammatical errors, sound too good to be true, or have a strange sender address. Some emails pressure you to share or verify your personal details and even give you an ultimatum to do so.

Teach your employees to use these clues as cues to step away from a possible phishing email. If they don’t fall for those phishing scheme then they are definitely on their way to ensuring cybersecurity at work.

What’s hot on Infosecurity Magazine?