• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Four Key Elements Of An Anti-Phishing Program

April 9, 2018 By Todd OBoyle


The news is regularly filled with headlines of another big breach. For example, recently millions of customers at Saks and Lord & Taylor stores were affected by a breach. While it is still under investigation, initial reports point to it being the result of a phishing attack.

It’s not surprising that hackers use this approach – humans are often the weakest link in any security program. This makes phishing one of the greatest threats facing small and midsize enterprises today. According to the Verizon Data Breach Investigations Report, more than 90% of attacks start with a phish.

We at WatchGuard believe in the power of education in preventing phishing. By making your people smarter about different types of attacks, they can be transformed from one of your weakest security links into one of your biggest assets. You can do this by building a comprehensive phishing protection program around your people.

Four Components of a Phishing Protection Program

Comprehensive phishing protection programs include four components – protection, education, evaluation, and reporting. Understanding the why and how helps you focus your scarce security resources on what matters.

  • Protection: We believe the cycle starts with protection because click rates continue to be so high.
  • Education: This protection must be linked with education, though. Users need to understand when they’ve made a mistake and how to stay safe in the future.
  • Evaluation: IT managers need to understand their click rates and where to target education.
  • Reporting: Participants in a phishing training program benefit from talking about the phishes they see. This illuminates what the attackers are doing, and reinforces the need to be vigilant against these attacks.

With the launch of DNSWatch, WatchGuard is doubling down on the link between protection and education. DNSWatch leverages DNS-level detection to provide an additional layer of security to identify and stop malware infections. DNSWatch does this by automatically detecting and blocking malicious DNS requests, and then redirects users to a safe page instead of the attacker. Thus, employees who click on phishing mails are protected and they are given a dose of education after they’ve clicked. We have found this to be an excellent time to reinforce your phishing education program – and the user receives additional training that helps them not to click again.

Learn more about DNSWatch in the WatchGuard Product Blog.

Share This:

Related

Filed Under: WatchGuard Articles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use