Click me
Transcript

Phishland: How will your users survive the Phishpocalypse?

ThreatSim PHISHLAND PHISHING APOCALYPSE? HOw WILL YOU SURVIVE THE Opening the wrong email can zombify your entire organization. How do I stay alive?" I follow a list of rules. #31 Phishing attacks prey on big, slow, untrained targets. As long as there is email there will be social engineering attacks. That means we're in a marathon, not a sprint. Get ready for the long haul with an ongoing training strategy that keeps your users one step ahead of the attackers. CARDIO #32 DOUBLE Train users to drag and drop suspect messages into a new email and send it to the infosec team. Boom. Then delete it. Boom. This way security will get the full headers of the phish and the user gets to move on. TAP WWW.MY.BANK.COM #1 BEWARE OF BATHROOMS If you receive an email with what looks like a link to a site you use (e.g. You have a new LinkedIn message!) go to the web site by typing the URL in your browser. Don't click yourself into a corner! #4 Fighting phishing is like fighting zombies - you can't expect everyone to stay vigilant and you can't rely on a single security control. Even with the best phishing prevention training, a few users may still click. Take time to identify vulnerable endpoint devices and figure out what users are doing with phishing messages and refine your training to target those weak links. SEAT BELTS #5 NO A smart policy is to keep email attachments to a minimum in the first place. Next, train users to ask themselves a lot of tough questions about attachments. Do I know this sender? Should I be expecting this? Seem sketchy? - Call the sender before opening! ATTACHMENTS #6 TRAVEL LIGHT The more third-party browser plugins that are in use, the greater chance for compromise. Get rid of those non-essential plugins! For enterprise essential plugins, like Java, use a GPO to whitelist trusted sites so they will only run on approved domains. #7 GET A KICKASS PARTNER There's nothing like an experienced zombie hunter to bring a little peace of mind to the fight. Team up with a pro like ThreatSim. Stay close. Follow their lead and get ready to put the undead attackers out of commission. 2. # 8 LIMBER UP Training users isn't a one-time fix. To get good at anything you need to practice and keep moving. Keep your end users aware of phishing attacks through regular training. #9 AVOID STRIP CLUBS Avoid shady web sites. You know the ones. Once you click, it's too late, and closing your browser won't help. #I0 Train users to be "smart skeptics" when it comes to suspect emails. Closely examine the sender's name, hover their mouse over links to spot suspicious URLS, think before they click, and get a second opinion from a co-worker. CHECK THE BACK SEAT #I ENJOY THE ITTTLE THINEE Have a Twinkie when someone reports a phish without anyone clicking-then hit the gym and get ready for the next round. C> ThreatSim Proactive phishing defense WWW.THREATSIM.COM

Phishland: How will your users survive the Phishpocalypse?

shared by packetwerks on Apr 12
364 views
2 shares
0 comments
The thought of a zombie attack fits well when it comes to phishing. They just keep coming and you have to keep fighting, but you have to stay smart. How do you stay alive you ask? A set of rules...

Publisher

ThreatSim

Category

Technology
Did you work on this visual? Claim credit!

Get a Quote

Embed Code

For hosted site:

Click the code to copy

For wordpress.com:

Click the code to copy
Customize size