What is phishing?
Phishing is a cybercrime in which targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Phishing emails can hit an organisation of any size and type. You should take steps to protect your organisation from these attacks.
What organisational controls should you consider?
It is essential that organisations promote staff awareness of what to look out for and that they have clear incident reporting procedures in place. Staff training can help protect your organisation's information assets and business continuity.
You should implement clear password policies and promote awareness around the dangers of staff reusing passwords for multiple accounts.
You should have clear policies and procedures around acceptable use, placing a degree of onus on staff to take due care to validate sources and avoid such attacks.
What technical controls can you consider?
Attackers ‘spoof’ trusted emails, making their emails look like they were sent by reputable organisations (such as yours). These spoofed emails can be used to attack your customers, or people within your organisation. Make it harder for email from your domains to be spoofed by employing anti-spoofing controls, and encourage your contacts to do the same.
Implement simple alerts to highlight when an email has come from outside the organisation. It is not uncommon for attackers to try to pose as a trusted internal email address. A simple banner at the top of an email, notifying colleagues when it has come from an external email address and reminding them to take care, will help ensure that staff don’t fall into the trap of clicking links or opening files from malicious sources.
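As an added illustration (not code from the original article), the following Python script shows how a mail gateway could apply such an external-sender banner: it judges the sender by the address domain rather than the display name, so a message signed "IT Helpdesk" but sent from a look-alike domain is still flagged. The internal domains and sample messages are constructed for this example.

```python
"""External-sender banner: flag inbound mail whose sender is outside our own domains."""
from email import message_from_string
from email.utils import parseaddr

# Domains owned by the organisation (assumed values for this example).
INTERNAL_DOMAINS = {"example.org", "mail.example.org"}

BANNER = ("CAUTION: This email originated from outside the organisation. "
          "Take care before clicking links or opening attachments.")


def sender_domain(from_header: str) -> str:
    """Domain of the address in a From header. The display name is deliberately
    ignored, because attackers often set it to an internal-looking name."""
    _display_name, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_external(from_header: str) -> bool:
    """True unless the address domain exactly matches one of ours. Look-alikes
    (examp1e.org, example.org.attacker.net) and missing addresses count as external."""
    return sender_domain(from_header) not in INTERNAL_DOMAINS


def tag_message(raw: str) -> str:
    """Return the message with an X-External-Sender header and, for plain-text
    mail, the banner prepended to the body. Internal mail is returned untouched."""
    msg = message_from_string(raw)
    if not is_external(msg.get("From", "")):
        return raw
    msg["X-External-Sender"] = "yes"   # lets mail clients or rules show a visual warning
    if not msg.is_multipart():         # keep the example to single-part text bodies
        msg.set_payload(BANNER + "\n\n" + msg.get_payload())
    return msg.as_string()


# Constructed sample messages: the first spoofs an internal-looking display name
# from a look-alike domain, the second is genuine internal mail.
SAMPLE_EXTERNAL = (
    "From: IT Helpdesk <helpdesk@examp1e.org>\n"
    "To: staff@example.org\n"
    "Subject: Urgent: password reset required\n\n"
    "Click the link below to keep your account active.\n"
)
SAMPLE_INTERNAL = (
    "From: Jane Smith <jane.smith@example.org>\n"
    "To: staff@example.org\n"
    "Subject: Lunch menu\n\n"
    "Soup today.\n"
)
```

A production gateway would also tag HTML parts and could additionally check the envelope sender and authentication results, but the domain comparison above is the core of the control.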
Have a technical password policy control in place that only allows passwords over a certain length. The National Cyber Security Centre advises organisations to implement a minimum password length requirement rather than password complexity rules. It is recommended that you think random when choosing a password, by merging three random words.
Applying multi-factor authentication can mitigate the impact of login details being compromised.
What steps can you take to manage an incident?
- Identify the incident – You should ensure that you have clear, accessible procedures on how to report an incident. It is essential that you have intrusion detection systems which will alert IT colleagues to the incident.
- Confirm and grade the incident – You should undertake prompt checks to validate that an incident has occurred. Another priority will be to grade the severity of the incident; in the initial stages it is important to understand enough to take containment/mitigation actions and ultimately remediate the attack.
- Contain the incident – Technical colleagues will need to work quickly to quarantine the attack and mitigate any risks to wider systems and information assets. This stage is likely to require critical decisions, such as taking a core business system offline. It is important to consider the consequences of any such actions, both good and bad.
- Escalate the incident – You may need to escalate the incident internally and report it outside the organisation, for example to affected partners.
- Eradicate the threat – Fully remove the threat from your network and systems. This often involves similar actions to containment, but is sometimes coordinated so that all actions are carried out simultaneously.
- Recover – Clean systems and data are put back online and in some cases, final actions are taken to handle regulatory, legal and reputational issues.
- Evaluate lessons learnt – Analyse how the incident could have been prevented and how the response could have been improved.
We can offer a range of support mechanisms to help protect your organisation against these attacks, from conducting staff training right through to drafting incident management procedures. Contact us for a discussion.