Cyber Security Awareness Month is coming to a close. We’ve enjoyed a lot of discussion (#CSAM) throughout October as the industry at large works to make sure everyone is cyber aware and secure. We thought we would end the month with another look at an important basic – email phishing security.
Even less savvy computer users now know not to click on executable attachments in emails. Most even know that hypertext and web links should be treated as suspect – especially as URL spoofing and disguising becomes increasingly effective in today’s phishing attempts. But, a lot of file types can catch your workforce off guard. Hence why phishing scams continue to flourish.
Many think Microsoft Office files are benign, but they may not be. Word documents, Excel spreadsheets and other Office files can execute code through software flaws. PDF files are just as susceptible. Make sure your users know it may be just as dangerous opening a Microsoft Office or PDF file as it is clicking on an executable file.
Be sure to train your users about the dangers of clicking on suspect email attachment files and embedded hypertext and web links. They are pretty easy to spot since most tend to not be customized to individual recipients. Phishing emails often have bad grammar, links that don’t match branded web domains or other flag-raising issues.
Note, however, that more sophisticated phishing attacks have now started to target their recipients specifically. These emails may contain content that is of interest to that specific user and their job function. These sophisticated attacks are more difficult to spot, but not impossible.
The answer to the growing complexity of phishing attacks is training, practice drills and up-to-date security solutions. Be sure your users are aware and vigilant about potential phishing attacks. Training is step one, but do not discount the need for practice drills. Putting phishing emails in front of your workforce demonstrates and reiterates the need for review. Think of it as creating muscle memory for their real-world email use. The goal is to keep them leery when interacting with file attachments or links in unsolicited email.
Also be sure to review and update your antispam and firewall security policies. Security threats appear and evolve rapidly. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our WatchGuard Security Center blog, including popular email phishing tricks and attacks. Subscribe to receive email updates and you’ll receive each update in your inbox.
Again, October is Cyber Security Awareness Month. Make sure you are cyber aware and stay tuned for more security updates right here on the WatchGuard Smart Security Blog.