Grant McGregor Blog

How Do You Stop a Phishing Attack?

Written by the Grant McGregor Team | Sep 3, 2018 7:30:39 AM

People are often the weakest link of any security infrastructure, which means the best line of defence when it comes to preventing phishing attacks or other people-focused exploits is to ensure staff are aware of the risks.

Phishing can be conducted via text message, social media or phone, but phishing attacks usually arrive by email. Sometimes attackers mount targeted campaigns in which they use information about your employees or company to make their messages more persuasive and realistic. This type of targeted attack is known as spear phishing.

It can be hard to spot a phishing attack, and even harder to spot a spear phishing attack, so ensuring staff are aware of the tell-tale signs must be part of every organisation’s IT security procedures.

How Do You Stop a Phishing Attack?

The UK National Cyber Security Centre recommends a multi-layered approach to preventing phishing emails becoming a problem. This includes:

• Making it difficult for attackers to reach users
• Helping users identify and report suspected phishing emails
• Limiting the effects of undetected phishing emails
• Responding quickly to incidents

People are often the weakest link in this multi-faceted response; that's why users need clear guidance about how to spot suspect emails.

Part of the problem is that users all have different learning styles; some users will be happy consuming written learning materials, while some prefer to learn in visual, auditory or kinaesthetic styles.

Trying to get the message across in a way all users clearly understand and feel confident acting on can be a challenge.

How Do You Spot a Phishing Attack?

The best way to ensure learning sticks is through experience.

Once you’ve fallen victim to a phishing attack, your recognition of suspicious signs will have an emotional significance you’re unlikely to forget.

That’s the philosophy behind the security awareness training of world-famous hacker Kevin Mitnick. His learning programme uses actual attacks and live demonstration examples to drive the message home to users.

This kind of sticky learning stays with users long after the training is completed and is really practical; users know how to apply what they’ve learnt because they already have. We’ve had great feedback from users who’ve undertaken this learning approach with us.

The course helps users to spot spam, phishing, spear phishing, malware, ransomware and social engineering – transforming your employees from the weakest link in your security perimeter to a human firewall.

How Does the Cybersecurity Awareness Training Work?

The great thing about the training is that you’ll quickly know which of your employees need further support with cybersecurity awareness training.

It’s also easy to address other potential vulnerabilities.

As well as being able to track users’ responses to the spoof attacks, you can direct employees who fall for one of the training tests to instant remedial online training, as well as a number of other options.

It’s a lesson users are unlikely to forget in a hurry!

If you’d like to find out more about how this hands-on training programme works, speak with a Grant McGregor consultant today and we’ll talk you through your options.

Call us on 0131 603 7912 or find out more here.