Phishing: Mitigating Risk, Minimizing Damage
In Wake of Recent Incidents, Experts Offer Insights on Critical Steps to Take
Tom Walsh, president of consulting firm tw-Security, says priority action items for limiting the impact of attacks include disconnecting the affected workstation or mobile device from the network and immediately unplugging any external hard drives or USB drives.
If the organization has cyber insurance, the insurer, once alerted, will likely bring in its legal team and forensic experts, Walsh notes. “Follow instructions from the insurance experts. Do not delete any files, including log files,” he advises.
Walsh offers additional steps to help prevent phishing emails from reaching employees:
- Use a banner to notify users when an email sender is external to the organization;
- Train the workforce – “over and over again” – and get tough on repeat offenders;
- Make employees aware of subject lines attackers commonly use as attention getters to entice email recipients to open a message;
- Block inbound and outbound traffic to foreign countries and implement blacklisting/whitelisting at the firewall;
- Block emails from domains with poor reputations.
… Organizations should consider deploying advanced endpoint protection and a next-generation firewall, Walsh also suggests.