
Steps to protect you and your organization from Phishing - yes, we need protection, all of us!


Phishing remains one of the most widely used techniques for gaining unauthorized access to valuable company information and computer systems.

In this NNIT Security Insights article we provide you with an introduction to phishing and the measures you and your organization can take to help protect against the risk of a phishing attack.

Phishing – a typical case

Imagine you are sitting at your PC and an email notification pops up on your screen. The email appears to be from your local parcel delivery service. As far as you can remember, you haven’t ordered anything, but the email convinces you to click and open the attached file.

This is an example of a typical phishing case, where the attacker aims to deceive the recipient into carrying out an action or divulging information which can then be used to carry out more extensive attack activities.

Attackers tend to send emails to large numbers of random users in the hope that at least some of the recipients will click on the provided links or open the attached files, giving the attacker a foothold on the compromised systems. According to Verizon, up to 13% of people tested clicked on such a phishing attachment, and it only takes one person’s click for an attacker to be successful.

This is taken a step further in spear phishing, a method which is often used as part of an Advanced Persistent Threat (APT) attack.  In this method, recipients typically sitting in key organizational roles are identified through social media and other publicly available information.  Attackers then craft targeted and convincing emails to get the recipients to disclose computer credentials or open attached files.

Malware payloads

Phishing emails are increasingly being used as a vehicle for distributing malware payloads, such as ransomware.  They are also used to distribute keyloggers, which are used to capture credentials, and remote access tools or RATs, which attackers use to gain full access to compromised PCs and then move deeper into the targeted organization’s network.

Protect yourself with these practical steps

  1. Think about online security as you carry out your daily work activities
  2. Be cautious with unexpected emails from unknown senders, written in a generic manner, or containing attached files
  3. Do not share user credentials as these could be used by attackers to take over your accounts
  4. Protect your financial information to reduce the risk of financial exposure
  5. Do not use USB drives to share documents with others as these could inadvertently contain malware that could then be introduced into your system. Use email, secure email, or your organization’s extranet facilities instead.

Protect your organization with these practical steps

  1. Raise security awareness across the organization regarding online security and the risks of sharing sensitive or confidential data with others, especially usernames, passwords, and financial information. Advise staff how to recognize a phishing email and what to do in the event of a security incident
  2. Remove local administration rights from local office users to prevent malware from installing itself in user PCs
  3. Implement Two-Factor Authentication mechanisms such as physical tokens or SMS one time codes for user logins
  4. Implement Privileged Identity Management mechanisms for users with elevated privileges such as system administrators, and ensure privileged user accounts are not used for standard office work but only for systems-related activities – two user accounts will be required for these employees
  5. Ensure antivirus, whitelisting and email spam filters are regularly updated to protect against incoming phishing emails, executable files and macros
  6. Implement email quarantine for attachments and links to allow central scanning
  7. Monitor for abnormal user behavior, for example where user credentials are used to log in to a system when the user is not normally at work
  8. Implement IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) to monitor the network for known indicator-of-compromise patterns
  9. Implement log management to support forensic activities
  10. Implement standard system patching processes to ensure that all systems, software, PCs and servers are patched for known vulnerabilities.
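A small detection routine for step 7 (abnormal login times), added here as an example and not NNIT's own code: it parses constructed authentication log lines in an assumed format, flags successful logins outside an assumed 07:00-19:59 weekday window, and also flags logins from a source address not previously seen for that user.

```python
import re
from datetime import datetime

# Constructed sample authentication log (not from the article). Assumed format:
# "<ISO timestamp> user=<name> result=<success|failure> src=<ip>"
SAMPLE_LOG = """\
2024-03-04T08:55:12 user=alice result=success src=10.1.2.3
2024-03-05T17:40:21 user=alice result=success src=10.1.2.3
2024-03-06T02:13:09 user=alice result=success src=203.0.113.7
2024-03-06T09:02:15 user=bob result=success src=10.1.2.9
2024-03-09T22:45:00 user=bob result=failure src=198.51.100.4
2024-03-09T22:45:30 user=bob result=success src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$"
)
WORK_HOURS = range(7, 20)  # 07:00-19:59 on weekdays is "normal" (assumed policy)

def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            events.append(event)
    return events

def find_abnormal_logins(events):
    """Flag successful logins outside working hours or at the weekend, and successful
    logins from a source address not seen before for that user (a user's first
    login only establishes the baseline and is not flagged as a new source)."""
    seen_src = {}  # user -> set of source addresses from earlier successful logins
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["result"] != "success":
            continue  # failures are ignored here; a brute-force rule would use them
        known = seen_src.setdefault(e["user"], set())
        reasons = []
        if e["ts"].hour not in WORK_HOURS or e["ts"].weekday() >= 5:
            reasons.append("off-hours")
        if known and e["src"] not in known:
            reasons.append("new-source")
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "src": e["src"], "reasons": reasons})
        known.add(e["src"])
    return alerts
```

In a real deployment the working-hours window and the source baseline would come from each user's history rather than a fixed constant, and a single alert is a prompt to investigate, not proof of compromise.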

Mitigation activities for organizations

In order to minimize the impact to the business of a phishing attack, consider including the following mitigating actions:

  • Develop a security incident response process to ensure a step-by-step response is in place to quickly respond to and resolve security incidents, including associated communications activities
  • Ensure backup / restore processes are regularly tested to ensure a prompt recovery following an attack
  • Review business continuity processes to ensure prompt recovery and / or alternative working arrangements during recovery
  • Update email spam filters to prevent others from being affected by the same attack
  • Request affected users to change passwords to reduce likelihood that attackers can reuse any harvested credentials
  • Consider a re-image of infected PCs to reduce likelihood that malware has been hidden for later activation
  • Review internal systems to look for signs of suspicious traffic, especially traffic leaving the network to command and control servers used by some forms of malware

By taking action now, businesses will be able to reduce the likelihood of being affected by a phishing attack and / or minimize disruption following an outbreak.

Have I Missed Something?

Do you have anything to add?  Do you think anything is missing?  Please let me know and share your comments!

About NNIT Security Insights

NNIT Security Insights is a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Computer Emergency Response Team (CERT). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage.

You are welcome to contact us at nnitcontact@nnit.com if you want to know more about how NNIT can help your business increase its information security level.