Phishing, Part 3: Fixing Your Weakest Link – Employees
Welcome to the third and final installment of our latest phishing education series. Part 1 explored how the attacks work and why they continue to be such a problem. Part 2 shows what to look out for to avoid falling victim to a phishing attempt. And now we take protection a step further.
You can have every piece of security hardware in the books—firewall, backup disaster recovery device, anti-virus—but that all goes out the window when the threat is invited. That’s what makes your employees the biggest vulnerability in your organization when it comes to phishing attacks—their ability to let the hackers in. So how do you mitigate as much risk as possible?
5 Ways to Guard Against Phishing
- Create and Strictly Enforce a Password Policy: Passwords should be complex, randomly generated, and replaced regularly. You can safely test the strength of your password here. This service is sponsored by a password protection platform that tells you how long it would take a hacker to decode your password.
  When creating a password policy, bear in mind that the most prevalent attacks are “dictionary attacks.” Since most people use real words for their passwords, hackers will typically try all words before trying a brute force attack. Instead of words, use a combination of letters, numbers, and symbols. The longer the password, the stronger it is. While it’s difficult to remember passwords across different platforms, try not to repeat passwords. This will protect all other accounts in the event of a breach on one of your accounts.
- Train and Test Your Employees Regularly: Educate your employees on how they can spot a phishing attack. Then, test your network vulnerability with safe, simulated phishing attacks orchestrated by your IT company to see how employees respond. If employees fall for phishing attempts, send them through additional training. We recommend doing this on a regular basis to ensure that your employees stay on their toes and that you always provide education on the latest attacks.
- Create a Bring Your Own Device (BYOD) Policy: You can safeguard your network as much as humanly possible, but your employees are all walking in with cell phones. Are they allowed to get emails on these phones? What about gaining access to the network remotely? Cell phones, tablets, and laptops create a big, black hole in security without proper mobile device management and mobile security, so implement a policy immediately.
- Perform Software Updates Regularly: Make sure that your software is up-to-date with all the latest security patches. Holding off on updates means that you’re leaving yourself open to vulnerabilities that have been discovered and addressed.
- Invest in Security: Security is not something to get from the discount rack. Home-based hardware is not sufficient for businesses. At the very least, you need a quality firewall and backup device. For ongoing protection, you should invest in your employees’ training, stay current on security updates, and maintain a full crisis/breach plan.
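To make the password policy item concrete, here is an added example (not code from the original article) of a policy check that rejects passwords built on dictionary words, even when disguised with common substitutions, and generates random replacements. The word list is a constructed sample and the 14-character minimum is an assumed value.

```python
import math
import secrets
import string

# Constructed sample list; a real check would load a full dictionary plus
# known-breached passwords.
WORDLIST = ["dragon", "letmein", "monkey", "password", "summer", "welcome"]
# Substitutions that dictionary-attack tooling undoes automatically.
LEET = str.maketrans("013457@$!", "oleastasi")
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 14  # assumed value; the article does not set a number


def dictionary_hit(password):
    """Return the dictionary word hidden in the password, or None."""
    folded = password.lower().translate(LEET)
    return next((w for w in WORDLIST if w in folded), None)


def brute_force_bits(password):
    """Bits of search space if the attacker must try every combination."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def check_policy(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    word = dictionary_hit(password)
    if word:
        problems.append(f"built on dictionary word '{word}'")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password)):
        problems.append("needs letters, numbers, and symbols")
    return problems


def generate_password(length=20):
    """Randomly generate a password that satisfies check_policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_policy(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ["P@ssw0rd2024!", "Summer2024", generate_password()]:
        print(pw, round(brute_force_bits(pw)), check_policy(pw))
```

Note that "P@ssw0rd2024!" scores about 85 bits on the brute-force estimate yet still fails, because a dictionary attack reaches it long before brute force would.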
There are two things that aren’t going away in any business: employees and security threats. Make sure you’ve done everything you can to avoid falling victim to an attack. Read this whitepaper for 4 ways to combat cybercrime, and reach out to us for help at any time.
Your Infinity team has basic and advanced security options that can be customized to your particular business. Call us at (912) 629-2426 to request more information.