Following on from our post earlier this month, ‘PHISHING THREATS: THE #1 MISTAKE COMPANIES MAKE (Part 1)’, there are multiple steps a company can take to protect against phishing. Companies must keep a pulse on current phishing strategies and confirm that their security policies and solutions can eliminate threats as they evolve.

Steps a company can take to protect itself against phishing:

  1. Regularly educate your employees and conduct training sessions with mock phishing scenarios.
  2. Deploy a spam filter that detects viruses, blank senders, etc.
  3. Keep all systems current with the latest security patches and updates.
  4. Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
  5. Develop a security policy that includes, but isn’t limited to, password expiration and complexity.
  6. Deploy a web filter to block malicious websites.
  7. Encrypt all sensitive company information.
  8. Convert HTML email into text-only email messages or disable HTML email messages.
  9. Require encryption for employees who are telecommuting.
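
Steps 2 and 8 can be sketched as a single mail-gateway check: flag a blank sender, and render an HTML body as text only so that each link's real target appears next to its label. This is an added example, not code from the original post; `inspect_message`, `TextWithLinks` and the sample message are constructed for illustration and use only Python's standard library.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample: empty From header, HTML link whose label differs from its target.
SAMPLE = (
    "From: \n"
    "Subject: Mailbox quota\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>Your mailbox is full.</p> "
    '<a href="http://login.example.invalid/reset">https://mail.example.com</a>\n'
)

class TextWithLinks(HTMLParser):
    """Collect visible text and append each link's real target after its label."""

    def __init__(self):
        super().__init__()
        self.out, self.href, self.skip = [], None, 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1  # contents of these tags are never shown to the reader
        elif tag == "a":
            self.href = dict(attrs).get("href")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag == "a" and self.href:
            self.out.append(f" <{self.href}>")
            self.href = None

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def inspect_message(raw):
    """Return (blank_sender, text_only_body) for a raw message string."""
    msg = message_from_string(raw, policy=policy.default)
    blank_sender = parseaddr(str(msg.get("From", "")))[1] == ""
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    if part is not None and part.get_content_type() == "text/html":
        parser = TextWithLinks()
        parser.feed(body)
        parser.close()
        body = "".join(parser.out)
    return blank_sender, " ".join(body.split())
```

For `SAMPLE`, the text-only rendering shows the label `https://mail.example.com` followed by its actual target in angle brackets, a mismatch that HTML rendering would hide from the reader.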

Equally important, companies must make sure that their employees understand the types of attacks they may face, the risks, and how to address them. Informed employees and properly secured systems are key when protecting your company from phishing attacks.