Phishing Safety Handbook Part Three: Remediation
After outlining an anti-phishing strategy in Part Two of our handbook, which emphasizes awareness of phishing types and methods to block most attacks, Part Three introduces an action plan for when something slips through. No single best practice guarantees total protection.
Phishing Attack Action Plan
Despite robust, costly solutions and diligent efforts, organizations occasionally fall victim to phishing attacks. It's important to acknowledge that no one is immune: phishing is not just a tactic of amateur hackers but a widespread tool of organized crime. Having a responsive action plan is crucial.
Basic Immediate Responses:
- Block the Sender: Prevent the sender’s email from reaching your network.
- Purge Malicious Communications: Identify and remove emails or messages linked to the attack from users’ mailboxes.
- Block URLs: Use firewalls and antivirus solutions to block URLs involved in the phishing attempt.
- Reset Passwords: Change passwords for users involved in the phishing incident.
Additional Steps:
- Review and Adjust Email Rules: Check for unauthorized forwarding settings in user accounts and remove them.
- Restore Data: If data has been altered or malware introduced, roll back to a clean backup.
- Notify and Instruct: Inform recipients of compromised accounts about the attack, advising them not to engage with any suspicious messages.
- Implement Multi-factor Authentication: Enhance security for affected accounts to prevent misuse of potentially compromised credentials.
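One way to carry out the "Review and Adjust Email Rules" step, as an added example that is not part of the original handbook or of any TekMar product: the script scans inbox rules, given in the JSON shape Microsoft Graph uses for a mailbox's message rules, and reports those that forward or redirect mail outside the organization. The domain list, users and rules are constructed for illustration.

```python
# Added example: flag inbox rules that send mail outside the organization.
# Rule dicts follow the Microsoft Graph messageRule shape; all data is constructed.

INTERNAL_DOMAINS = {"example.com"}  # assumption: your accepted domains (exact match)
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")


def external_recipients(rule, internal_domains=INTERNAL_DOMAINS):
    """Return the sorted external addresses a rule forwards or redirects to."""
    actions = rule.get("actions") or {}
    found = set()
    for key in FORWARD_ACTIONS:
        for recipient in actions.get(key) or []:
            email = recipient.get("emailAddress") or {}
            address = (email.get("address") or "").strip().lower()
            # An address with no "@" is treated as external so it gets reviewed.
            if address and address.rpartition("@")[2] not in internal_domains:
                found.add(address)
    return sorted(found)


def audit_rules(rules_by_user, internal_domains=INTERNAL_DOMAINS):
    """Return one finding per rule that has an external forwarding target."""
    findings = []
    for user, rules in rules_by_user.items():
        for rule in rules:
            targets = external_recipients(rule, internal_domains)
            if not targets:
                continue
            actions = rule.get("actions") or {}
            findings.append({
                "user": user,
                "rule_id": rule.get("id"),
                "enabled": bool(rule.get("isEnabled", True)),
                "targets": targets,
                # Deleting, filing or marking as read hides the copy from the owner.
                "hides_mail": any(actions.get(k) for k in
                                  ("delete", "moveToFolder", "markAsRead")),
            })
    return findings


SAMPLE_RULES = {  # constructed sample, not real data
    "alice@example.com": [
        {"id": "r1", "isEnabled": True, "actions": {"delete": True, "forwardTo": [
            {"emailAddress": {"address": "Collector@Mail.Example.NET"}}]}},
        {"id": "r2", "isEnabled": True, "actions": {"moveToFolder": "folder-id"}},
    ],
    "bob@example.com": [
        {"id": "r3", "isEnabled": True, "actions": {"redirectTo": [
            {"emailAddress": {"address": "carol@example.com"}}]}},
    ],
}
```

Each finding names the mailbox and rule to remove; a rule that both forwards externally and hides the message deserves the closest look.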
Conclusion
Phishing attacks are long-standing cybersecurity threats and will likely persist. The best defense includes using top-tier security products and services, along with continuous education. Consistently minimizing risk and having a thorough response plan in place
AI-based anti-phishing software: Secure, easy to implement, cost-effective
Artificial intelligence (AI) using Microsoft's Graph platform powers TekMar's best-in-class anti-phishing platform. It comes with a 30-day IT Blueprint trial. You can try both now by scheduling a free strategy session.
TekMar's Threshold Email Screening Ranger
Guards mailbox users, whether they access mail via an internet browser or in Microsoft Outlook on a desktop computer. Our proprietary AI solution is the first layer protecting inboxes. Every line of defense is critical, and the first one is key. Staying safe from attack is made easier with one unified email gateway. If your organization is using Microsoft 365, a unified single gateway is now ready.
Easy as 1,2,3.
Security problem or need system support?
If you have:
- a security problem,
- a technology question,
- a configuration issue,
- a network intrusion or malware, or
- an item placed in quarantine,
call the Tekuser Service Desk at (336) 373-110(5).