You can't secure what you don't acknowledge.℠

Tuesday, June 28, 2016

Email phishing expertise: Lack of skills or just a lackadaisical approach to security?

I can't think of any current security test that's more important than email phishing. Yet, it seems that so few organizations actually include phishing as part of their ongoing information security assessments and penetration tests. I suppose that's why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others.

Here are some articles that I have written that can help you get your email phishing testing initiatives off the ground or, at least, provide you with some insight into why email phishing is such a big deal:

Defining Your Overarching Goal for Email Phishing Testing 

What to include in an Exchange Server phishing test

Throw users a line to thwart an email phishing attack

Top Gotchas When Performing Email Phishing Tests

Stop attackers from catching you in a phishing hack

Minimize your online footprint to combat phishing

Use an enterprise phishing tool such as LUCY. Do it manually. Whatever the means – just do it. I don't care how advanced your environment is or how mature your security program may be. Your network is one click away from compromise, and you need to take the steps necessary to minimize this risk in your business. I promise you these tips that I've written can help you fight this security threat, but it has to be taken seriously.