Staying safe from phishing handbook part 2 – Anti-Phishing Strategy
Part one of the Handbook for Staying Safe from Phishing lays out the awareness that is essential to an anti-phishing strategy. An awareness of the types and methods of phishing helps form a coherent, functional strategy. Like phishing attacks, strategies for preventing them vary widely.
Part two of the handbook lays out strategies we can all use to reduce the threat. There is no single best practice that will guarantee protection from attacks. A set of several practices makes up an anti-phishing strategy one can employ to minimize the risk that phishing attacks reach us. The best thing we can do is take a many-pronged, defense-in-depth approach. It starts with the best gateway software available to filter out rogue messages.
Anti-Phishing Strategy
- Deploy best-in-class gateway software – these programs filter out rogue messages at the threshold. Email gateway solutions block unwanted, malicious and impostor emails with granular search capabilities and visibility into all messages.
- Always Use Strong Passwords – This is beyond the capability of most people today only because of the number of strong passwords one must remember. Eliminate that by using a secure password management system. We recommend TSI Password Manager.
- Use multi-factor authentication. Multi-factor authentication helps to ensure that even if attackers learn user logins and passwords via phishing, they still will not be able to gain access to protected systems unless they can also obtain the secondary “factor” required for login.
- Know how to identify a phishing message. Knowing what to look for in order to identify phishing is a basic step in combating phishing. Misspelled words and bad grammar are one tip-off. A threatening tone, or an email asking for unusual personal information, are others.
- Deploy anti-phishing software. There are a variety of software tools that can help protect your networks against phishing attacks by detecting and stopping phishing messages. Spam filters for email servers are one basic tool you should have in place. Antivirus, which will help prevent malware that originates within phishing messages from installing itself, is another. Web filters that block users from visiting sites known to be malicious are also helpful since they will stop fraudulent pages from opening in the event that users click links to them from within phishing messages.
- Encrypt sensitive information. Encrypting your data provides a second line of defense against theft. In the event that hackers use a phishing attack to gain access to your systems, they still won’t be able to read sensitive data if that data is encrypted (provided they don’t have the encryption keys).
- Discourage (or disallow) users from using public WiFi. Unsecured WiFi networks in places like airports and hotels are common vectors for launching phishing attacks. If you must use public WiFi, use a VPN to encrypt your traffic.
- Educate the people you work with. You can only do so much to stop phishing emails from reaching end-users. To help ensure that users will not be tricked into clicking malicious links or giving away sensitive information when phishing does strike, educate end-users regularly on how to detect phishing attacks and what to do when they receive a phishing message.
Conclusion
The strategies laid out here are each simple practices that make it less likely that you will become the victim of a phishing attack. The best thing one can do is take a multi-layered approach, starting with the best gateway software available to filter out rogue messages. Education, not using public networks, encryption, best-in-class software, MFA and strong passwords combine into a strong force for anti-phishing prevention. Practicing these strategies helps.
AI-based anti-phishing software: Secure, easy to implement, cost effective
Artificial intelligence (AI) using Microsoft’s Graph platform powers TekMar’s best-in-class anti-phishing platform. It comes with a 30-day IT Blueprint trial. You can try both now by scheduling a free strategy session.
TekMar's Threshold Email Screening Ranger
Guards mailbox users, whether they access mail via an internet browser or in Microsoft Outlook on a desktop computer. Our proprietary AI solution is the first layer protecting inboxes. Every line of defense is critical and the first one is key. Staying safe from attack is made easier with one unified email gateway. If your organization is using Microsoft 365, a unified single gateway is now ready.
Easy as 1,2,3.
Security problem or need system support?
If you have:
- a security problem,
- a technology question,
- a configuration issue,
- a network intrusion or malware, or
- an item placed in quarantine,
call the Tekuser Service Desk at (336) 373-110(5).
Or submit a request by clicking the get help button below.
#1 Integrated Cloud Security
There are lots of applications for mail protection. We've tried them all. The ones that reduce your attack surface are best. In 2011 we moved our clients to Microsoft 365 as the best-in-class email solution, reducing our clients' footprint by moving email services off premises. Now we are moving email threshold gateway protection off premises too.
PASSWORD AND PASSPHRASE TRANSMISSION
All inbound and outbound data communication traffic with the TSI Password Management happens over TLS 1.2 using 2048-bit RSA keys to ensure the protection of your data in transit.
WEB APPLICATION FIREWALL PROXY
Unique encryption keys are retrieved from numerous sources for each password.