Cybersecurity is one of the most serious economic and national security challenges we face as a nation. And even though cybersecurity is a top priority for government organizations, security professionals still face multiple challenges defending themselves.
“Strong security requires attention to people, process, and technology,” said Elayne Starkey, Chief Security Officer for the State of Delaware. But unfortunately, for many agencies, cybersecurity is often at odds with innovation. The threat of sensitive data breach can keep organizations from experimenting with new technologies and services.
So how does your agency protect its data while also providing innovative services to citizens?
Fortunately, in GovLoop’s recent online training, How Government Can Stay Safe and Innovative, cyber experts including Starkey and Vaughn Stewart, Vice President of Enterprise Architecture at Pure Storage, discussed what they’re doing to stay safe and innovative.
Both malware and phishing are becoming increasingly common cyberthreats. And according to both Vaughn and Starkey, 95 percent of all attacks on enterprise networks are the result of successful spear phishing.
Our experts outlined how you can protect your organization from being phished.
Understand it. What is spear phishing? You can’t protect your organization from being phished if you don’t know what it is. Spear phishing is an email that is sent from a business, organization or person that is familiar to you and you think you know, but it’s not. It’s from the cyberhackers who are waiting for you to click the link in the email so they can get access to your sensitive data or information.
Know what to look for. There are many indicators of a phishing email and it’s imperative to know what they are. The biggest red flag is the email sender name. If the name is vague, general, or it’s an email that looks suspicious, delete it right away. Other indicators are misspellings, URLs to click on, and no personal address leading into the email’s content. Another huge clue is if the email is urging you to do something quickly. For example, it might ask you to click a link to complete a survey and the first 50 responders will win a gift card. Don’t click any of the links and follow up with your IT staff!
Train your colleagues. Phishing emails are one of the most common cyberhack methods out there, but fortunately they can be pretty easy to avoid, if you’re prepared. It’s necessary that organizations provide their employees with cyber trainings so they don’t fall into the hacker’s trap. A few interactive trainings a year can make all the difference.
Test your colleagues. Once you’ve trained your employees about phishing emails and how to indicate a bad email, test them. Starkey and the State of Delaware test their employees about five to six times a year. They send them fake phishing emails to see how prepared their staff is.
Employees who take the bait are notified about their mistake and required to take a test to further their education on phishing emails. Organizations can track which employees opened the email, who clicked the link, and who took the test. Employees who continuously click on the suspicious links should be carefully monitored and more frequently tested.
Cyberattacks can happen to anyone at anytime; it’s imperative you’re prepared. To learn more about phishing emails and protecting your sensitive data, view the on-demand training here.