10 strategies to reduce the threat of phishing attacks
Phishing attacks remain the top cyberattack challenge for healthcare organizations, according to Cofense, a vendor that offers professional services to stop these attacks. Email delivers 92 percent of malware, and by the end of 2017, the average user received 16 malicious emails a month, the company says. A new report offers ideas to help healthcare organizations better ward off phishing attempts.
Concentrate on conditioning users to report questionable emails, not simply to recognize and resist them. Reporting volumes shown in Cofense data prove that trained users make good intelligence agents.
Engage in phishing simulations based on active threats. Focus on actual threats the organization faces. If HIT executives are not sure that the right threats are being identified, ask for help from the organization’s security operations center.
In building a phishing awareness program, favor quality over quantity. Be selective in the threats users are asked to know and report. If users are resilient to the most pressing threats, the organization can’t ask for more.
With credential phishing still the most active way to get into an organization’s network, educate users to be careful with their logins and require two-factor authentication for users with access to high-value data.
Know what is real
Ensure that users know what a real email looks like, and communicate corporate email formats so that users can spot a fake format, which lowers vulnerability to compromised email accounts.
Follow the money
Financial transactions are popular subjects and themes for phishing emails because they work. Give financial transactions plenty of attention in the awareness program and be sure to target finance and other departments that disburse funds.
As the organization measures improvements in recognition and reporting, aim for an initial ratio of one reported email to one susceptible user.
Ensure the anti-phishing program keeps up with the newest subjects and themes. Hackers never rest.
Make use of automation to remove reported spam and streamline email analysis.
Don’t let down defenses
The constant evolution in phishing techniques shows that focusing on the “known bad” is just not good enough. Security appliances and software geared to fight known threats create a gap that hackers happily exploit.