Phishing attacks, despite their long history, continue to be one of the greatest threats to data security. More than 200,000 new viruses are discovered every day, according to malware experts, and they’re usually out of circulation by the time they’re detected.
So how does an organization protect data from vicious phishing and spear-phishing attacks?
Here’s a comprehensive data loss protection plan:
1) Protect your organization’s computers. Shop for the newest software that provides spam filters, firewalls, anti-virus, anti-spyware and reputation services. Look for data protection programs that offer automatic updates and free patches from manufacturers to fix problems.
2) Consider hiring a vendor that specializes in software data security. Data security firms can go beyond traditional data protection programs and conduct audits to determine your risk for phishing and data breach. They can isolate emails that have been quarantined and scan outbound emails to see if any data has been extracted outside of your organization. As experts, they can also provide technical support with the latest email data security technology. Be careful, however, not to overlap your own software with that provided by the vendor or you may be spending too much.
3) Educate your computer users. Data security software is far from foolproof, so perhaps the most important cyber security strategy is to keep educating your users. Remind them:
- To be suspicious of emails with generic salutations, typos or those that try to create a sense of urgency.
- Not to open attachments they aren’t expecting. If the attachment looks legitimate, ask your users to call the person to verify that they really did send it.
- To be wary of email links. Instead of clicking on the link, users may want to visit the website manually by typing the address into their browser. They can also check a link by hovering their mouse over it to see the address it actually points to.