Data makes the world go round. Without data we wouldn’t be able to successfully run our companies, gain customer insights, increase profits, and continue to innovate.
In a world of hackers who are always on the prowl, however, data has the potential to turn from gold to kryptonite. When data falls into the wrong hands through phishing scams and malware infiltrations, the whole business is put at risk. To make matters more precarious, email is the top source of malware infiltration. In the last year, 67% of organizations reported malware attacks that occurred through email. Without the right security measures, this easy access point leaves networks at risk of being exploited time and time again.
So, as a smart security leader, what can you do to protect your enterprise against phishing and malware attacks before it’s too late? For starters, the A-B-C’s of security can help.
A. Awareness And Training
Your employees are your first line of defense in the battle against phishing and malware. That’s why it’s up to you to arm them with the best strategies for staying safe in the cyber world. Yet security-focused decision makers and influencers rate their security training as less than effective, particularly when it comes to preventing clicks on links and attachments in emails.
Training can come in many different forms. According to research, approximately 30% of organizations employ the “Break Room Approach” to train staff to detect malware and phishing attempts. This technique includes basic training on suspicious activities to watch out for when checking email or surfing the web.
A less personal training tactic is to provide, on a recurring cadence, security awareness videos for employees to watch.
Another way to teach employees how to spot a potential phishing attack before it’s too late is through formal training, consisting of iterative education and testing. This may include an audit of phishing tactic awareness among employees, training, follow-up testing to determine the success of that training, and additional training as needed. One popular type of formal phishing training is the “Human Firewall Approach”. This method tests every member of an organization in order to uncover what percentage of staff is most likely to fall for a phishing attempt. Then, training such as simulated phishing emails and videos is provided for lower-scoring employees.
What concerns me most is that more than 20% of organizations take a “Do Nothing Approach” toward security training. Our number one tip: whatever you do, don’t be ‘that’ organization that does nothing!
Often, doing nothing is the result of a lack of resources or of the perceived cost. Many of our customers have leveraged the Intel Security Phishing Quiz and incorporated this free tool to boost their Security Awareness efforts. Read on for more information on how you can take advantage of this.
B. Build A Risk Audit Strategy
Before you can fight back against malware and phishing, you first need to know what parts of your business are most vulnerable to attacks.
The best way to do this is with a data audit. Find out what data you have, where it is stored, and who has access. Creating a log of cleared users can be very useful for security purposes, especially during staffing changes when users might leave your company. In your audit, you should also include any legal or regulatory obligations that your data is subject to, as well as what stakeholders the data affects. The goal is to incorporate all of these items into a data audit map, which will show key security decision makers which assets are under the highest security risk and how to prioritize security resources.
C. Choose Cloud Security Solutions
The final technique for protecting your organization against malware or sneaky phishing attacks is to choose the right cloud security solutions for your infrastructure. Even with on-premises security infrastructure in place, most organizations find they have more than enough to deal with when it comes to phishing and malware, and adding cloud security is an important way to bolster security with another layer of defense.
Look for robust solutions that leverage threat intelligence and real-time protection. Look beyond whether a security feature is provided to how effective that protection will be in helping you keep pace with today’s rapidly evolving phishing tactics and malware variants.
When it comes to cloud security, it is also critical that you educate staff on how to use cloud-based apps for their intended purpose. Tools such as Office 365, Dropbox, and Google Drive may not be the best place to store your most sensitive data without the proper security in place.
Setting up a plan to protect your organization against cyberattacks may be a lot to take in all at once, but by following the A-B-C’s of security, you can break it into simple, approachable steps.
Ready to learn more about protecting your enterprise against malware and phishing? Check out useful tips in our Best Practices for Dealing with Phishing and Next-Generation Malware whitepaper, published with Osterman Research.