The news is regularly filled with headlines of another big breach. For example, recently millions of customers at Saks and Lord & Taylor stores were affected by a breach. While it is still under investigation, initial reports point to it being the result of a phishing attack.
It’s not surprising that hackers use this approach – humans are often the weakest link in any security program. This makes phishing one of the greatest threats facing small and midsize enterprises today. According to the Verizon Data Breach Investigations Report, more than 90% of attacks start with a phish.
We at WatchGuard believe in the power of education in preventing phishing. By making your people smarter about different types of attacks, they can be transformed from one of your weakest security links into one of your biggest assets. You can do this by building a comprehensive phishing protection program around your people.
Four Components of a Phishing Protection Program
Comprehensive phishing protection programs include four components – protection, education, evaluation, and reporting. Understanding the why and how helps you focus your scarce security resources on what matters.
- Protection: We believe the cycle starts with protection because click rates continue to be so high.
- Education: This protection must be linked with education, though. Users need to understand when they’ve made a mistake and how to stay safe in the future.
- Evaluation: IT managers need to understand their click rates and where to target education.
- Reporting: Participants in a phishing training program benefit from talking about the phishes they see. This illuminates what the attackers are doing, and reinforces the need to be vigilant against these attacks.
With the launch of DNSWatch, WatchGuard is doubling down on the link between protection and education. DNSWatch leverages DNS-level detection to provide an additional layer of security to identify and stop malware infections. DNSWatch does this by automatically detecting and blocking malicious DNS requests, and then redirects users to a safe page instead of the attacker. Thus, employees who click on phishing mails are protected and they are given a dose of education after they’ve clicked. We have found this to be an excellent time to reinforce your phishing education program – and the user receives additional training that helps them not to click again.
Learn more about DNSWatch in the WatchGuard Product Blog.