
9 Ways To Protect Organizations Against Phishing 


Claim your prize by clicking on the link below!

Are your organization’s inboxes increasingly being targeted with such phishing scams? It may be time to reassess your security strategy. Credential phishing schemes are on the rise, keep growing in complexity, and target employees in a variety of forms.

Cybercriminals typically pretend to be reputable companies, friends, or acquaintances and target companies through fake messages that contain a link to a phishing website. To ensure organizations are protected, Microsoft Security shares a checklist for IT professionals to protect against phishing attacks:

  1. Require the use of MFA (Multi-Factor Authentication) across all accounts to limit unauthorized access
  2. For highly privileged accounts, enable Conditional Access. This lets you block access from countries, regions, and IPs that you do not normally expect to receive traffic from
  3. You may also want to consider using physical security keys for those involved in payment/purchase activities or for privileged accounts
  4. Use browsers which support services such as Microsoft SmartScreen; it analyzes URLs for suspicious behavior and blocks access to known malicious websites, providing you an extra layer of security
  5. Use a machine-learning based security solution. How much ground can you cover by yourself? Solutions such as Microsoft Defender for Office 365 quarantine high-probability phish and detonate URLs and attachments in a sandbox before the email actually reaches the inbox

  6. Enable impersonation and spoofing protection features across your organization
  7. Configure services such as DomainKeys Identified Mail (DKIM) to prevent delivery of non-authenticated emails that may be spoofing reputable senders. It lets receiving servers verify your legitimacy
  8. Audit tenant and user created allow rules and remove broad domain and IP based exceptions. These rules often take precedence and can allow known malicious emails through email filtering
  9. You can never be too prepared. You should regularly run phishing simulators to understand, assess, and educate vulnerable users
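
The allow-rule audit from the checklist above, sketched as an added example (not code from Microsoft or the original article): it scans an export of tenant and user allow rules and flags broad IP ranges and domain-level exceptions. The rule format, the prefix thresholds, the provider list and the sample rules are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed thresholds for this example; tune them to your environment.
MIN_PREFIX = {4: 24, 6: 64}  # allow entries wider than these are flagged
# Constructed list of public mailbox providers where anyone can register an address.
SHARED_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}

def audit_rule(rule):
    """Return finding codes for one allow rule; an empty list means nothing flagged."""
    kind = rule["type"]
    value = rule["value"].strip().lower()
    findings = []
    if kind == "ip":
        net = ipaddress.ip_network(value, strict=False)
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append(f"broad-ip-range:{net.num_addresses}")
    elif kind == "domain":
        # Any domain-level allow covers every sender claiming that domain.
        findings.append("domain-wide-allow")
        if "*" in value:
            findings.append("wildcard")
        if value.lstrip("*.") in SHARED_PROVIDERS:
            findings.append("shared-provider")
    return findings

def audit_rules(rules):
    """Return (rule, findings) pairs for every rule that was flagged."""
    flagged = []
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            flagged.append((rule, findings))
    return flagged

# Constructed sample export (hypothetical format, reserved test addresses).
SAMPLE_RULES = [
    {"scope": "tenant", "type": "ip", "value": "203.0.113.0/24"},
    {"scope": "tenant", "type": "ip", "value": "198.18.0.0/15"},
    {"scope": "user", "type": "domain", "value": "gmail.com"},
    {"scope": "tenant", "type": "domain", "value": "*.example.com"},
    {"scope": "user", "type": "sender", "value": "billing@partner.example"},
]

if __name__ == "__main__":
    for rule, findings in audit_rules(SAMPLE_RULES):
        print(f'{rule["scope"]:6} {rule["type"]:6} {rule["value"]:18} {", ".join(findings)}')
```

Flagged entries are candidates for removal or for narrowing to a single address or sender.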
