Many steps must dovetail closely together as part of an effective prevention program.
Identifying High-Risk Users
High-risk users include C-level executives, HR, Accounting and IT staff. Impose more controls and safeguards in these areas. For example, on finance approvals for wire transfers, stipulate several points of authorization and a time period that has to elapse before the transfer is executed. It is wise to search for all high-risk users online to see how exposed they are. For example, LinkedIn and Facebook profiles often provide detailed personal information or even what could be considered sensitive corporate data, such as the person having wire transfer authority, as well as email addresses and lists of connections.
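The wire-transfer control described above (several points of authorization plus a mandatory waiting period) can be enforced in software rather than left to habit. The following is an added example written for this post, not code from the author or from cloudplusservices.com. The policy values (two distinct approvers, a 24-hour hold counted from the last required approval), the request fields and the timestamps are all assumptions constructed for illustration; the point it shows is segregation of duties (the requester can never approve their own transfer, and one person cannot approve twice) combined with a cooling-off period that gives a defrauded requester time to notice.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

# Policy parameters: assumed values, tune them to your own procedures.
REQUIRED_APPROVALS = 2               # distinct approvers, none of them the requester
HOLD_PERIOD = timedelta(hours=24)    # cooling-off time after the last required approval


class ApprovalError(Exception):
    """Raised when an action would violate the dual-control policy."""


@dataclass
class WireRequest:
    request_id: str
    requested_by: str
    beneficiary: str
    amount: float
    requested_at: datetime
    approvals: Dict[str, datetime] = field(default_factory=dict)
    executed: bool = False


def approve(req: WireRequest, approver: str, at: datetime) -> None:
    """Record one approval while enforcing segregation of duties."""
    if req.executed:
        raise ApprovalError("transfer already executed")
    if approver == req.requested_by:
        raise ApprovalError("requester may not approve their own transfer")
    if approver in req.approvals:
        raise ApprovalError(f"{approver} has already approved this transfer")
    req.approvals[approver] = at


def release_status(req: WireRequest, now: datetime) -> Tuple[bool, str]:
    """Return (may_execute, reason) without changing any state."""
    if req.executed:
        return False, "already executed"
    missing = REQUIRED_APPROVALS - len(req.approvals)
    if missing > 0:
        return False, f"needs {missing} more approval(s)"
    earliest = max(req.approvals.values()) + HOLD_PERIOD   # clock starts at the last approval
    if now < earliest:
        return False, f"hold period ends at {earliest.isoformat()}"
    return True, "release permitted"


def execute(req: WireRequest, now: datetime) -> str:
    """Release the transfer only when every policy condition holds."""
    ok, reason = release_status(req, now)
    if not ok:
        raise ApprovalError(reason)
    req.executed = True
    return reason


def demo() -> dict:
    """Walk a constructed request through the policy and collect the outcomes."""
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)   # constructed timestamps
    req = WireRequest("WR-0001", "alice", "ACME Supplies", 48_000.00, t0)
    out = {}
    try:
        approve(req, "alice", t0)                            # requester approving herself
    except ApprovalError as e:
        out["self_approval"] = str(e)
    approve(req, "bob", t0 + timedelta(hours=1))
    out["one_approval"] = release_status(req, t0 + timedelta(hours=1))
    try:
        approve(req, "bob", t0 + timedelta(hours=1, minutes=5))   # same approver twice
    except ApprovalError as e:
        out["duplicate_approver"] = str(e)
    approve(req, "carol", t0 + timedelta(hours=2))
    out["inside_hold"] = release_status(req, t0 + timedelta(hours=3))
    out["after_hold"] = execute(req, t0 + timedelta(hours=26))    # 24h after carol's approval
    out["second_execute"] = release_status(req, t0 + timedelta(hours=27))
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:18} -> {result}")
```

Because `release_status` is side-effect free, the same check can be run by the payment job, by a reviewer's dashboard, and by an alert that fires when a request is approved unusually quickly, all against one definition of the policy.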
Various technical controls should be instituted to prevent the success of phishing attacks. Email filtering is the first level, but it is far from foolproof. Authentication measures should be stepped up. Instead of a simple username and password, which the bad guys have a good success rate of getting past, two-factor authentication also requires something that only the user has on them, such as a physical token. This makes it much harder for potential intruders to gain access and steal that person’s personal data or identity. Key fobs, access cards and sending a code to a registered mobile phone are some of the possible methods, but we prefer the Google authentication app.
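Authenticator apps of the kind mentioned above generate time-based one-time passwords (TOTP, RFC 6238): the server and the app share a secret at enrollment, and each 30-second step both derive the same six-digit code from that secret, so a phished password alone is not enough. The following added example, written for this post and not taken from the author or any vendor, shows both halves of that arrangement in plain Python: enrollment (a random secret and the otpauth:// URI that apps read from a QR code) and server-side verification with a small clock-drift window and replay protection. The shared secret used for the checks is the published RFC 4226/6238 test-vector key, a constructed value and not a real credential; the account name and issuer are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

# Constructed shared secret: the RFC 4226 / RFC 6238 test-vector key, not a real credential.
EXAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # low nibble of the last byte picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)   # keep leading zeros


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret, int(for_time // step), digits)


def verify_totp(secret, code, now=None, window=1, used_counters=None, step=30, digits=6):
    """Server-side check of a submitted code.

    window: how many time steps of clock drift to tolerate on each side.
    used_counters: set of steps already accepted for this user; passing one
    rejects a replayed code even while it is still inside the window.
    """
    if now is None:
        now = time.time()
    if len(code) != digits or not code.isdigit():
        return False
    current = int(now // step)
    for counter in range(current - window, current + window + 1):
        # compare_digest avoids leaking how many digits matched through timing
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            if used_counters is not None:
                if counter in used_counters:
                    return False                      # replay: this step was already consumed
                used_counters.add(counter)
            return True
    return False


def new_secret(nbytes: int = 20) -> bytes:
    """Fresh random shared secret generated at enrollment (never shared between users)."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str, step=30, digits=6) -> str:
    """otpauth:// URI that authenticator apps read from a QR code at enrollment."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


if __name__ == "__main__":
    secret = new_secret()
    print("enrol with:", provisioning_uri(secret, "alice@example.com", "Example Corp"))
    code = totp(secret, time.time())
    seen = set()
    print("first use accepted:", verify_totp(secret, code, used_counters=seen))
    print("replay accepted:   ", verify_totp(secret, code, used_counters=seen))
```

Two details matter in deployment: the secret must be stored server-side with the same care as a password hash store (it is a symmetric key, not a hash), and the `used_counters` bookkeeping is what stops an attacker who captures a code in transit from using it a second time within the drift window.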
Automated password and user ID policy enforcement is another wise defense. Comprehensive access and password management can also minimize malware and ransomware outbreaks. Review existing technical controls and take action to plug any gaps.
In the next post, find out about ~ Resolution ~ Policy and Procedures…Think Before You Click!
Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584