Security solutions for businesses are constantly improving, forcing cybercriminals to spend more time and money on breaking into corporate networks \u2014 and, increasingly, relying on social engineering. Exploiting the human factor and making use of readily available contact info (such as for HR and PR staff), crooks can extract login credentials from unsuspecting employees without having to worry about those ever-improving cybersecurity solutions.<\/p>\n
Unfortunately, there is no magic bullet to protect companies from phishing; the problem requires both organizational and technical measures. Here\u2019s how to implement such protection in practice.<\/p>\n
Browsers and some e-mail clients have their own security filters, but cybercriminals have many techniques to bypass them. Some, for example, use e-mail marketing services<\/a>.<\/p>\n Preventing phishing e-mails from reaching employees\u2019 mailboxes at all is a strong starting point. Use a security solution at the mail gateway level such as Kaspersky Security for Mail Server<\/a>, which not only checks links in incoming mail, but also detects threats in sent files.<\/p>\n These days, instead of deploying their own mail servers, many companies use cloud services, primarily MS Office 365. Microsoft Office account data, which potentially gives attackers access to services such as OneDrive and SharePoint that may store confidential information and contact details, is a frequent and unsurprising target of phishing attacks<\/a>. \u00a0Even if an employee knows in theory that they need to check messages carefully, they might still click a link or forward a message to colleagues if they\u2019re in a hurry.<\/p>\n Microsoft has its own, imperfect security technologies, which you can \u2014 and should \u2014 strengthen with additional layers of protection. For example, Kaspersky Security for Microsoft Office 365<\/a> prevents the spread of threats through Office services, guards against spam and phishing, and removes malicious attachments.<\/p>\n Today\u2019s cybercriminal bag of tricks includes malicious links hidden in e-mails<\/a>, attached Trojans disguised as documents<\/a>, misleading text messages<\/a> and phone calls<\/a>, and more. Phishing messages can even come from a hosting provider<\/a> or a partner company if one of its employees\u2019 accounts is compromised. Employees must be aware of these schemes and be able to spot suspicious e-mails.<\/p>\n Staff cybersecurity awareness training can come from your own IT department or outside experts. Additionally, online tools such as Kaspersky Automated Security Awareness Platform<\/a> help employees learn in a convenient, on-the-job format.<\/p>\n Testing employees by sending them relevant phishing e-mails enables \u2014 or forces \u2014 employees to apply their knowledge in practice and prepare for real incidents. Testing also highlights people and areas in need of improvement.<\/p>\n After basic cybersecurity training, employees will be able to spot most phishing e-mails by noting visual cues such as unknown sender address, wrong company logo, and typos. In some cases, however, determining whether a message is safe may require the help of an expert. Include your company\u2019s best contact for evaluating suspicious messages in the onboarding guide and prominently on the corporate portal.<\/p>\n Even experienced and sharp-eyed employees make mistakes. Phishing links may appear in an employee\u2019s personal e-mail or come in through a messaging app \u2014 channels your security systems do not control. Therefore, installing a security solution<\/a> on every Internet-connected workstation is crucial. That way, even if a phishing link reaches the target and gets clicked, the redirect will be blocked.<\/p>\nProtect Microsoft Office 365 services<\/h2>\n
Train employees<\/h2>\n
Send test phishing e-mails<\/h2>\n
Provide contact info for someone who can help check suspicious e-mails<\/h2>\n
Protect workstations<\/h2>\n
Protect mobile devices<\/h2>\n