
Proactive responses to increased phishing help prevent lost revenue due to cybercrime.

A glaring statistic that will be brought up numerous times throughout the life of this blog is that, since the beginning of the COVID-19 pandemic, cybercrime is up 600%. An especially malicious take on an old attack vector, the phishing email, has arisen due to the pandemic. Recently, cybercriminals have taken to posing as CDC and WHO representatives. The goal of their attack is to get an unsuspecting victim to click a link embedded in their email, usually under the guise of offering more information about the pandemic.


While phishing emails have been around forever, attackers are becoming more and more crafty in their attacks. I have even known IT professionals who have fallen for phishing campaigns. The biggest problem in combating phishing attacks is the large scope of attacks launched every day. It is estimated that over 3 billion phishing emails are sent every day. The sheer scope of emails presents a huge challenge for IT professionals looking to combat this threat.


Furthermore, most IT professionals respond retroactively to phishing as opposed to taking proactive steps. From my 14 years working in system administration, often our response to a phishing email was to block the domain that the email originated from. Couple this with the 3 billion phishing emails sent daily and you realize almost instantly this response is futile. Truthfully, companies need to start implementing a more proactive approach to dealing with phishing emails.

Here are three great ways you can start proactively preventing phishing attacks at your company.


1) Implement SPF/DKIM and DMARC – There are simple changes most system administrators can make to help combat the tide of spam emails. SPF is a DNS record that tells mail servers which servers are allowed to send from a domain. DKIM adds a cryptographic signature to each message, checked against a public key published in DNS, to verify that emails have not been tampered with. DMARC is the glue that brings SPF and DKIM together into a framework that lets the domain owner configure how messages that fail those checks are handled.


2) Training – Showing employees examples of phishing emails and training them on how to identify them is critical in preventing employee engagement. There are some general patterns we can teach employees to avoid: clicking links, entering credentials, and downloading attachments are all behaviors that should be avoided.


3) Password managers – This one might seem a little odd, but utilizing unique passwords for each application helps minimize the damage should a password become compromised. Password managers like LastPass are great tools to implement because they allow the user to remember only one password while LastPass creates, stores, and even fills in all the other passwords.


Give us a call today to set up a training course for your employees or to test their abilities with a phishing email campaign. If you would like information on setting up DKIM, SPF or DMARC, we can provide you with local IT companies who can help you with that as well.


Thanks for taking the time to read this and hopefully you found something informative!


Stay Safe.


- Soteria Tech
