In our last blog, "Phishing - A Major Cyber Threat", we spoke about phishing, how cybercriminals frequently use it to target users, and the forms it takes.
Now we are going to talk about how you can protect yourself from these attacks. There are five measures you can take to reduce your exposure to phishing:
1- Implement controls to Block Spam:
Since phishing is delivered in the form of an email, the better you get at blocking spam, the better you protect yourself from phishing.
a. At the user level: Users can control spam in their inbox by flagging unwanted emails as junk.
b. At the organization level: Organizations can block spam at their email server by blacklisting known spammers or blocking entire domains and IP address ranges.
2- Block Bad Websites:
Block access to fraudulent and malicious websites.
a. At the browser level: Users can do this by browsing only with a web browser that shows a warning when they attempt to visit a known fraudulent website. Most modern browsers have security settings that can be configured to do this.
b. At the organization level: Organizations can install firewalls or proxy servers that prevent users from accessing known bad websites.
3- Use a Password Manager:
This is a digital safe that generates and stores strong, unique passwords. This way you are not reusing the same password on different websites, so even if one of your passwords is compromised in a phishing attack, it won't work anywhere else.
4- Multifactor Authentication:
This is a stronger form of authentication than a password alone. It requires a password plus another factor (a device you have, or a biometric factor like a fingerprint), so even if the attacker gets your username and password, they can't log in without the other factor.
5- Security Training:
If users knew not to open phishing emails or click on manipulated links, phishing would not be such a serious problem.
- Teach users how to recognize a phishing attack, explain why they should be suspicious of urgent emails, and show them how to hover over links to see whether the destination is legitimate.
- Conduct phishing drills to check how many users might fall for an actual phishing attack.