Phishing is everywhere. In a recent survey, phishing was observed in 72% of the organizations polled (and undoubtedly present but unobserved in the other 28%).
While phishing can’t be stopped by technology alone, it can help. Phishing protection solutions make it easy for employees to report suspected phishing attempts directly from their email clients. It also provides security professionals with the tools to analyze and investigate reported phishing attempts in minutes, while there is still time to stop the spread of an attack. Effective phishing protection will also require collaboration between the employees who are the targets and the security professionals who can verify and block phishing attempts.
職場でよく見られるフィッシングの指標(IOPs)に従業員を警戒させましょう。
Infographicを見るA good phishing awareness training program will educate employees on recognizing the indicators of phishing attempts. But taking the extra step of reporting the suspected email is even more important. Effective phishing protection requires having an easy way for employees to flag emails that they suspect to be fishing for the security team to investigate.
When a phishing attempt is verified, it’s important to get the word out to the rest of the organization. With a phishing protection solution, administrators are able to alert the reporting employee that it was indeed a phishing attempt and provide instructions on what to do next (such as deleting the email immediately, or contacting an administrator if they clicked on a link or opened an attachment).
This ability to react quickly can stop the phishing campaign before it has time to gain a foothold in the enterprise. Ready to detect and respond to phishing (and other suspicious behaviors) in your organization? Try InsightIDR for free.
In this week’s Whiteboard Wednesday, we outline the two key components of phishing protection: employee reporting and phishing analysis.