Spear Phishing: Best Protection and Practices

Better Email Security

Organizations need an email security solution that automatically detects and blocks advanced targeted spear phishing campaigns. AppRiver’s Advanced Email Security delivers a unique email security solution that is more effective than standard solutions, and which proactively protects organizations from email-based cybercrime by merging advanced big data security, dynamic rules and security analystexpertise in order to anticipate the next wave of spear phishing techniques. It is imperative for full content inspection to be implemented and that every aspect of the email be evaluated using a multitude of techniques.

Multi-layered Security

Securing a network with a multi-layered approach is a best practice. Your organization should protect all security fronts by combining email and web security solutions with an endpoint AV protection layer. Web security platforms, such as AppRiver’s Web Protection, will complement email security and AV endpoints by not only blocking malware at the source, but also by scanning networks in search of resident malware that went untraced in the past that could potentially be calling home under the right circumstances.

By deploying the right combination of email protection, endpoint AV and web security, your business can close the security gaps present in each network and gain inbound and outbound traffic monitoring.

Audit your Security

Every business, including yours, has valuable IT assets such as computers, networks, and data. Providing adequate and effective protection of those assets requires that companies of all sizes conduct IT security audits to get a clear picture of the status of their network, become aware of the security holes they face and learn how to best deal with those threats. Contact us for a tailored security audit and threat analysis report that will provide you with critical information on the health of your email or network and also provide our recommendations on the best ways you can plug any identified security holes.

Limit User Rights

Some malware can be installed unknowingly by employees at the same time as other programs are downloaded. This may include software from third-party websites or files shared through peer-to-peer networks. Therefore, it is important to limit user rights as they pertain to the installation of software.

Security Tips for employees

With the popularity of spear phishing on the rise, it is always good advice to provide some tips and best practices to keep your employees aware of security threats.

Password complexity

Never stick to one single password for all your services! Instead, use different combinations for each service, use passwords with at least 8 characters, although 12 or more is recommended. Passwords should also be a random combination of uppercase and lowercase letters, numbers and symbols. A password manager can also help by managing multiple accounts and suggest strong password options.

Stay alert for suspicious links

Only click web links within emails you know to be authentic. If an organization, such as your bank, asks you to perform any activity that involves clicking links and entering credentials, either launch your browser and go directly to the bank’s site or just call them up to double check on it. Hovering your mouse over a link will always give some insight on whether the link could be spoofed and be fraudulent. However, some attackers try to obfuscate link destinations by using anchor text trying to look as a legitimate URL or URL shorteners to disguise the ultimate link destination. It’s best to always assume the worst when it comes to following links.

Employee Training Programs

Implement a course on security awareness and social engineering techniques that will help your users make better judgments about the content they download from the internet, receive through communications and access through the Web.

Security awareness training will also help users to be more careful about what they view, what they open and the links on which they click. While training by itself will not completely solve an organization’s security-related problems, it adds to the overall defense strategy by increasing the layers of security for the weakest element – humans. It will bolster the ability for users – the LAST (not first) line of defense in any security infrastructure to be more aware of malicious attacks against themselves and the organization.

Search yourself online

Be extra cautious when sharing data on social networks and limit what types of personal information you post on the internet: Review your online profiles and ask yourself how much personal information is available for cyber criminals to view? If there is anything that you do not want a potential scammer to see, do not post it – you should also consider reviewing your privacy settings on sites such as Facebook and Twitter to limit what information is left open for others to see.

Read and download the original article here.

Call SpartanTec, Inc. now and let our team of IT experts help protect your company from spear phishing. 

SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto