10 strategies to reduce the threat of phishing attacks
Phishing attacks remain the top cyberattack challenge for healthcare organizations, according to Cofense, a vendor that offers professional services to stop these attacks. Email delivers 92 percent of malware, and by the end of 2017, the average user received 16 malicious emails a month, the company says. A new report offers ideas to help healthcare organizations better ward off phishing attempts.
Stay aware
Concentrate on conditioning users to report questionable emails, not simply to recognize and resist them. Reporting volumes shown in Cofense data prove that trained users make good intelligence agents.
Run tests
Engage in phishing simulations based on active threats. Focus on actual threats the organization faces. If HIT executives are not sure that the right threats are being identified, ask for help from the organization’s security operations center.
Quality matters
In building a phishing awareness program, favor quality over quantity. Be selective in the threats users are asked to know and report. If users are resilient to the most pressing threats, the organization can’t ask for more.
Credential threats
With credential phishing still the most active way to get into an organization’s network, educate users to be careful with their logins and require two-factor authentication for users with access to high-value data.
Know what is real
Ensure that users know what a real email looks like, and communicate corporate email formats so users can spot a fake format, which lowers vulnerability to compromised email accounts.
Follow the money
Financial transactions are popular subjects and themes for phishing emails because they work. Devote plenty of attention to financial transactions in the awareness program, and be sure to target finance and other departments that disburse funds.
Measuring
As the organization measures improvements in recognition and reporting, aim for an initial ratio of one reported email to one susceptible user.
Stay current
Ensure the anti-phishing program keeps up with the newest subjects and themes. Hackers never rest.
Automate
Make use of automation to remove reported spam and streamline email analysis.
Don’t let down defenses
The constant evolution in phishing techniques shows that focusing on the “known bad” is just not good enough. Security appliances and software geared to fight known threats create a gap that hackers happily exploit.
More information
The full report from Cofense is available here.