Anti-Phishing: Factors to Consider When Planning, Developing and Implementing Phishing Awareness Training

By Randi Sherman

Security awareness training is very broad in scope, but essentially it amounts to creating a formalized environment for familiarizing and educating employees about proper procedures for protecting a company from intrusion and theft. Properly designed, it should ensure that all workers understand corporate policies and procedures for using company assets in a secure and conscientious manner. That being said, phishing is a black art. It is designed to trick otherwise conscientious employees into doing something that they would never ordinarily consider. Phishing poses a unique problem to corporate security. In many cases, employees have abrogated their responsibilities, operating under the mistaken impression that filters remove all incoming threats from e-mails. This is a notion that we need to do away with; phishing awareness education is the key.

Non Technical Countermeasures

By Daniel Brecht

Today’s cyber scammers are quite savvy in their attempts to bypass security measures and collect information and data that should not normally be publicly exposed. Phishing, in particular, is a widely used social engineering technique that uses bait to solicit personal information from users or to deceive victims into performing certain actions, such as opening malicious links or attachments.