Page 25 - Banking Finance July 2024

ARTICLE

Use email filters

It is suggested to send sensitive files in PDF format rather than in document or Word format, as PDF files generally can't carry executable virus code whereas document files might carry such code. Although normally associated with "spam filters," email filters can also scan for additional risks indicating an attempted phishing attack. For example, cybercriminals often hide malicious code in a PDF's active content or the coding that enables things like readability and the file's editable nature. Finding the right email filtering solution can help reduce the number of risky phishing emails that make it through to users.

Install website alerts in browsers

Protecting against malicious websites is more important than ever. Recognizing that organizations are filtering emails more purposefully, cybercriminals now target website code. Make sure that end-users' browsers alert them to potentially risky websites.

Limit access to the internet

Using access control lists (ACLs) is another way to mitigate the risks arising from malicious websites. You can create access controls for your networks that "deny all" access to certain websites and web-based applications.

Require multi-factor authentication

Since malicious actors often look to steal user credentials, requiring multi-factor authentication can mitigate this risk. You want to require users to provide two or more of the following every time they log into your networks, systems, and applications:

1) Something they know: a password or passphrase
2) Something they possess: a device or token (an authentication application on a device, a keycard, or a code texted to a smartphone)
3) Something they are: a biometric (a fingerprint or facial ID)

Monitor and take down fake websites

Organizations in highly targeted industries, like financial services and healthcare, often use companies who can monitor for and spend time taking down spoofed versions of their websites. This is a way to protect your employees and customers who click on a malicious link from giving cybercriminals their login credentials.

Install security patch updates regularly

Many phishing attacks exploit common vulnerabilities and exposures (CVEs), or known security weaknesses. To prevent this, make sure to regularly install security updates that respond to these known risks.

Set regular data backup

Often, phishing attacks leave behind malware, which can also include ransomware. To mitigate the impact that ransomware can have on your organization's productivity, create a robust data backup program that follows the 3-2-1 method of 3 copies of data, on 2 different media, with 1 being offsite.

Conclusion

There are multiple steps an organization or department can take to protect against phishing. They must keep a pulse on the current phishing strategies and confirm their security policies and solutions can eliminate threats as they evolve. It is equally important to make sure that their employees understand the types of attacks they may face, the risks, and how to address them. Informed employees and properly secured systems are key elements in protecting your organization from phishing attacks.

Companies fall prey to phishing attacks because of careless and naive internet browsing. Instituting a policy that prevents certain sites from being accessed greatly reduces a business's chance of having its security compromised.

It's also important to educate your employees about the tactics of phishers. Employees should be trained on security awareness as part of their orientation. Inform them to be wary of e-mails with attachments from people they don't know. Let them know that no credible website would ask for their password over e-mail. Additionally, people need to be careful which browsers they utilize. Read all URLs from right to left. The last address is the true domain. Secure URLs that don't employ https are fraudulent, as are sites that begin with IP addresses.

Thus sound and robust IT security policies and employee training are indispensable tools against phishing.
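The URL checks from the conclusion (read the host from right to left, require https, distrust hosts that are bare IP addresses) can be automated in a mail or proxy filter. The following is an added example, not part of the original article; the function names and the tiny suffix set (a constructed stand-in for the Public Suffix List) are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "co.in", "com.au"}

def registrable_domain(host):
    """Read the host right to left: keep the public suffix plus one more label."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def triage_url(url, expected_domain):
    """Return a list of findings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # Text before '@' is a login name, not the site; it can mimic a trusted domain.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-address-host")
        return findings  # an IP literal has no domain to compare
    except ValueError:
        pass
    actual = registrable_domain(host)
    if actual != expected_domain:
        findings.append("domain-mismatch:" + actual)
    return findings

# Constructed sample links; example.com / example.net and the IP ranges
# are reserved for documentation.
SAMPLES = [
    "https://netbanking.example.com/login",
    "https://example.com.secure-login.example.net/login",
    "http://netbanking.example.com/login",
    "https://example.com@198.51.100.7/login",
    "https://203.0.113.10/netbanking",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_url(link, "example.com") or ["ok"])
```

The second sample shows why the rightmost labels matter: the trusted name appears at the start of the host, but the registrable domain is `example.net`.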

