From the course: The Cybersecurity Threat Landscape

Protect against phishing and smishing

- [Instructor] While phishing may be one of the most common forms of attack on the cybersecurity threat landscape, there are straightforward ways to protect against it. Let's look at five steps you can take which can reduce your exposure to the threat of phishing.

First, implement email filtering controls. Since phishing uses malicious emails, the better you get at blocking them, the more you'll be protecting yourself and your organization. Users can control emails at their inbox by flagging unwanted and suspicious emails as junk. Organizations can also block suspicious emails at the email server by blacklisting known malicious email servers and even blocking emails from entire countries, domains, or IP address ranges. Many email servers have additional controls designed to identify and block malicious emails.

The next way to protect against phishing is to block access to fraudulent and malicious websites. This can be done at the user level by accessing the internet only with web browsers that show a warning if users attempt to go to a fraudulent site. Most modern browsers have security settings that can be configured to do this. Also, organizations can install firewalls or proxy servers that prevent users from accessing known bad websites.

The third step you can take is to use a password manager. This is a digital safe that can generate and store strong and unique passwords for any site that needs one. That way you're not reusing the same passwords on different websites. So even if one of your passwords gets compromised in a phishing attack, it won't work anywhere else.

Fourth is multifactor authentication. This is a stronger form of authentication than just passwords. It requires a password plus at least a device you have or a biometric factor like a fingerprint. That way even if the attacker gets your username and password, they can't log in without the other factor.

Finally, we have security training. If users knew not to open phishing emails or click on manipulated links, phishing wouldn't be such a serious problem. Teach users how to recognize phishing attacks. Explain why they should be suspicious of urgent emails and how to hover over links to see if they're legitimate or not. You can also conduct phishing simulations to test how many users might fall for an actual phishing attack.

When it comes to smishing, the best way to protect against this threat is also with security training. Train users how to spot suspicious text messages. They should also be trained to never click on links in suspicious text messages, respond to suspicious text messages, or send money or make purchases based on text messages without confirming through some other method, like a phone call directly to a person or company. If you get repeated unwanted text messages from the same number, those can be blocked in the phone settings for both iPhone and Android mobile phones. Also, check to see whether your smartphone has other settings or options to filter or block texts from unknown senders. Implementing these and the other controls I covered in this video will help protect you and your organization from the threats of phishing and smishing.
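As an added example (not part of the course transcript), here are toy versions of two of the controls described above: server-side filtering that blocks known-bad sender domains and IP address ranges, and a check for links whose visible text names a different host than the real destination, which is exactly what a user sees when hovering over a link. The blocklists and the sample message are constructed assumptions.

```python
# Added example, not from the course: toy versions of the email-filtering
# controls above. Blocklists and the sample message are constructed assumptions.
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_DOMAINS = {"bad-mailer.example"}                      # assumed blocklist
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]   # assumed blocklist

def sender_is_blocked(sender, sender_ip):
    """True if the sender domain or the relaying IP is on a blocklist."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in BLOCKED_DOMAINS:
        return True
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in net for net in BLOCKED_NETWORKS)

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(text):
    """Hostname if text is a single URL or bare domain, else None."""
    if not text or len(text.split()) != 1:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None

def mismatched_links(html_body):
    """(href, text) pairs whose displayed host differs from the real destination."""
    p = _LinkCollector()
    p.feed(html_body)
    return [(h, t) for h, t in p.links
            if _host(t) and _host(h) and _host(t) != _host(h)]

def screen_email(sender, sender_ip, html_body):
    """Reasons to quarantine the message; an empty list means it passes."""
    reasons = ["sender on blocklist"] if sender_is_blocked(sender, sender_ip) else []
    reasons += [f"link text {t!r} hides destination {h!r}"
                for h, t in mismatched_links(html_body)]
    return reasons
```

A real mail gateway would combine these with reputation feeds and authentication checks such as SPF and DKIM; this block only shows the shape of the two controls the video names.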