How to Stop Phishing Before It Infiltrates Your Organization

Phishing Prevention Best Practices On How To Stop Phishing

Employee training, education and awareness

Executive management support for Phishing Awareness Trainings and learning is by far the best preventive measure that can be adopted. Employees will be aware of best practices to stop phishing while dealing with emails as it will send a clear message that security is taken seriously by the management and thus it will help keep your enterprise’s information assets safe. The training department can also encourage employees to participate in webinar on how to handle phishing attacks.

Stop phishing, use common sense

While you are browsing and keeping a track on your emails, be vigilant. It is the key to know how to stop phishing and keep your enterprise protected. This will help prevent any such attack even before it takes place.

• Never click on a link or URL in suspicious looking emails or websites or download any attachments, even they look familiar.
• Every document should be adequately scanned before opening will give you protection from phishing.
• Particular focus should be given to the emails which demand to share confidential information (banking details, personal details etc.). You can also find more details and some off the best practices on stopping phishing (how to guide) here.
• Financial organizations explicitly announce that they never ask for any personal data on call or in an email. If asked, scrutiny from the real authorities shall be done on an urgent basis.

Stop Spear Phishing through not clicking on Shortened links

Spear Phishing Emails are specially crafted to infiltrate your information systems. Instead of sending emails or SMS randomly to unknown users spear phishing targets specific individuals, i.e. employee of an organization. In a recent spear phishing attack, phishers targeted anti-money laundering officers at U.S. Credit Unions.

Hackers design the shortened links in such a manner that they look legitimate, however, as the user clicks the link; it lands on a page that has an entirely different URL and a malicious code running behind it. That’s a trap used by these digital thieves to get into your systems and steal the confidential data. Clicking on these poisoned links embedded in the emails may lead to infesting your device through a drive-by-download malware attack. Not clicking such links will help organizations stop spear phishing before it bypasses your security controls.

Watch out for suspicious or exaggerated emails

To grab people’s attention hackers often use Capital letters, colourful fonts, typos, exclamation marks. They also personalise those emails, greet yourself by your name, implausible content. Errors are intentionally induced into the material in those emails, to filter out from spam filters. Noticing such content will not only give you protection from phishing but will also help build a healthy security culture within the organization.

No Legitimate organization needs your personal data over the phone or on email

No enterprise has an urgent need for your personal information over phone or email, though it can be a hacker’s agenda. Receiving emails demanding personal information from a trusted organization (such as a bank or the tax department), probably suggests that someone is trying to breach into organizations’ network periphery.

One should always look for if a particular website has “https://” text or lock icon that is proof of a safe website. All banking websites are protected by the ‘HTTPS’ server. Avoid clicking links or URLs starting with ‘HTTP’ only.

Stop phishing through personal mobile data

Employees travelling abroad for business purposes may have to connect to the hotel network or the public Wi-Fi to access emails. You should avoid using free Wi-Fi in public places for logging in to your office network or to access websites where you need to enter sensitive information such as username and passwords (e.g. banks, workplace website etc.). If possible use your cell phone data to connect to the office network to stop phishing.

Enterprise policies and standards

Information or Cybersecurity department of the organization shall maintain and regularly update the security policies, standards and protocols on protection from phishing. Most importantly the department should devise the process to customise these policies and protocols as per the emerging threats and attacks and keep the employees updated about recent attacks in the news.

Phishing, Fear and Sense of Urgency

Sophisticated phishing emails are behind most of the successful phishing attacks. Hackers who perform spear phishing may have already known a little bit about your personally identifiable information such as your name, your address, hometown name etc. from another network to add credibility to these phishing emails or phone calls. Attackers ask for confidential or sensitive information from and pretend to be from a trusted source such as banks, tax department or from accounts or HR department of your organization, which is depicted as utter necessary and want immediate action from employee’s side.

Protection from Phishing is all about the sensibility of the employees to recognize these attacker’s tricks and report to the company’s security department. All the employees should be trained and educated effectively to make this judgment to stop spear phishing and to stop phishing of any type and will give you an answer to your question on how to stop phishing.

Phishing is stoppable, by spreading awareness among employees of an organization to detect these threats even before they result in exploiting a human or technical vulnerability present in enterprise systems. A single email is a significant threat to enterprise-critical data. Be vigilant; be aware!