Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Five key steps to defend your organisation from harmful phishing attacks

Published : , on

By Chris Watkins, Head of Security, Ultima 

Some of the worst cybercrimes have taken place because of a tiny flaw. Cybercriminals rely on this flaw in an organisation’s security defences – commonly the employees themselves – to launch their attack. You only need to look at the number and scale of phishing attacks taking place every year. In 2021, 83% of organisations reported experiencing phishing attacks. In 2022, an additional six billion attacks are expected to occur.

Many phishing defences start and end with employee training to help them spot a phishing email. Empowering employees is certainly a key strategy. But employee education is only a part of the solution. This article will explain how organisations can widen their defences using technical measures as well as reporting processes and plan for attacks to minimise their impact.

Phishing at its worse 

A phishing attack is where a malicious hacker launches an email-based attack with the objective of obtaining user credentials so that they can gain a foothold within a corporate network and use that foothold to exploit data or demand a ransom. Cybercriminals use deception tactics to encourage users to click on a link which launches malware or makes the user give away details such as usernames, email addresses or better still, passwords.

Phishing emails are so common because it’s a numbers game; if a phishing campaign circulates to enough users (often in the millions), it increases the chance of success. Such data breaches not only cause loss of company data but lead to loss of revenue from a decline in customer trust and market value.

Here are five steps to take to bolster the defence of your corporate network that should be combined with effective employee training.

  1. Review how you’re preventing phishing emails reaching you in the first place

Whether manual or through your cloud-based email provider, ensure that the filtering or blocking service is sufficient for your needs and that it is applied to all users’ accounts.

A filtering service will send them to a junk folder, whereas a blocking service will prevent the email getting through to the user completely. This is based on the senders IP address, domain name, attachment type or because it’s detected malware.

  1. Think like a hacker

Often, thinking like a hacker is the best ways to spot one and this involves gaining an understanding of the nature of the threat that phishing poses to your organisation. What would a hacker want from an employee? Which departments are managing processes that are most sensitive (such as product development or finance) and could these processes be mimicked by a hacker?

  1. Make specific processes more resilient  

This involves good cyber hygiene practice. If dealing with many external email requests, try using multi-factor authentication, such as an SMS message or phone call to verify the sender.

Rather than sending and receiving email attachments, use a different login method or share files through an access-controlled account in the cloud such as Dropbox or Microsoft Teams.

  1. Adopt a zero-tolerance security culture It’s important to be realistic – not everyone can spot a phishing email 100% of the time. Phishing emails have become much more sophisticated in recent years

    Zero trust is the mindset of ‘protect everyone, verify everything’. Every user and device accessing a network is a potential threat. A zero-trust policy requires employees to act with a healthy dose of scepticism to everything that lands in their inbox. Such a culture brings the employee into the broader security network, establishing trust between the organisation and employee while increasing resilience.

  2. Encourage transparency and ensure ease of reporting Often, it’s the phishing culture within an organisation that needs to be improved.  Far from pointing the finger and assigning blame to an employee, it’s important to foster a culture of awareness, support, and action. If an employee feels that they are going to be reprimanded for not spotting a phishing email or making a mistake, they may not report it promptly, or at all.

    Implement a process that is easy to follow when an employee believes that a phishing email has made it past the company’s technical defences. Once it’s been reported, make sure that employees know that it will be actioned so that they feel encouraged to repeat the exercise again. Create an environment where employees aren’t afraid to ask out loud for extra support in spotting phishing attacks.  

Being involved in an organisation’s awareness and reporting culture should all form part of an employee’s wider security hygiene which also includes password management, use of removable media and remote working practices among other things. As an organisation, this should be actively encouraged to ensure that security is maintained.

In summary 

A combination of education, simulation, transparency and effective security reporting, along with leading-edge security tools are necessary to create a zero-trust organisation. From a technology perspective, this could involve multi-factor authentication, a VPN, encryption for files and updated hardware. Together, they can create a more secure corporate environment for all.

The reality is that there are always going to be threats that creep into a company’s layers of security. But if an organisation has the necessary security technology, employee education and a strong culture of zero-trust, then identifying and reporting threats becomes innate in everyone.

Jesse Pitts has been with the Global Banking & Finance Review since 2016, serving in various capacities, including Graphic Designer, Content Publisher, and Editorial Assistant. As the sole graphic designer for the company, Jesse plays a crucial role in shaping the visual identity of Global Banking & Finance Review. Additionally, Jesse manages the publishing of content across multiple platforms, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post