5 ways to stay avoid phishing lures
Government agencies face cyberattacks every day. This is an increasing concern as experts cite security breaches, particularly phishing, as a top threat to state and local election offices ahead of the 2020 election. Now is a critical time to ensure that government workers know how to protect themselves.
First and foremost, government officials must educate everyone in their offices on the dangers of opening suspicious email or clicking links inside messages from unfamiliar senders. The right software can detect suspicious activity and alert security teams, but employees should also avoid risky behaviors that invite the threat in from the start. Here are five ways agencies can protect themselves from malicious activity.
1. Educate all staff. The best defense against any data breach is education. Since 91% of cyberattacks start with a phishing email, employees are commonly responsible for bringing malware into a work environment by accidently downloading malware. Agencies must ensure everyone with a connection to the email server learns these tips:
- Don’t click links. The most important message to impart to staff is to maintain a healthy sense of mistrust and never click on an unknown link. Whether it comes through email or text or even social media, it could be a phishing scam. If a link redirects a staffers to a page where they’re asked to input passwords, sensitive details or account information, they should close the page immediately. They should only visit trusted websites directly via their secured web browser.
- Appearances can deceive. Even when the email header looks accurate, there may be a malicious third-party behind the email. One way to detect this email spoofing is to hover over the “sender’s” details, without clicking, to confirm these whether the email has been sent from a trusted source.
- Check spelling and grammar. Spelling and grammatical errors can be telltale signs of a fake. A legitimate email will have been edited before it is sent out; however, a well-written email is not a guarantee of legitimacy. Attacks likely to target government offices and workers could be error-free.
As attacks grow more sophisticated, though, it’s becoming increasingly difficult to differentiate phishing emails from legitimate ones. For that reason, agencies should have additional protective measures in place.
2. Run a simulated phishing test. Even with robust training, humans make mistakes. Sometimes, personal experiences can emphasize the danger much more effectively. For that reason, it may help to run a simulated phishing test to detect the true risk level of employees. There are multiple tools can simulate phishing emails, sending employees realistic looking, but harmless, messages that have some trademarks of a phishing email. Depending on the tool, agencies can track results and identify which employees opened the email or clicked the links embedded within the email.
3. Check security access. Security professionals have long followed the principle of least privilege, which simply states that users should have the lowest level of access necessary to do their work. By limiting what non-administrative users can do, agencies can protect their systems should an attacker compromise an employee’s credentials and use them to log into the agency network. By reviewing user account settings, agencies can minimize the number of people who have higher level access.
4. Use email filters. Although software can help lock down the email server, agencies should already have spam filters deployed. Workers should be encouraged to mark any spam email that might make it through to an inbox to help the filters do a better job.
5. Prepare a response plan. No matter what protective measures agencies take, an attack is always a possibility, which is why a response plan for the most common security scenarios is critical. It ensures the security team can swiftly tackle any incidents that puts data at risk.
To make sure servers are always safe from a cyberattack, agencies should also consider using behavioral analytics that monitor for signs that an attack is imminent and alert security teams to take protective measures. Once internal users have been trained, this technology can bring an added layer of security that ensures devices and servers remain safe.