
Implement best practices for user behavior and tailored awareness
There are a variety of best practices that organizations should follow in order to minimize their exposure to phishing and ransomware.
Organizations should implement a strong security awareness program that will help users to make better decisions about the content they receive through email, on what they view or click in social media, how they access the web, and so forth. It is essential to sufficiently invest in employee training so that the “human firewall” can provide an adequate first line of defense against increasingly sophisticated phishing and ransomware.
Furthermore, organizations should occasionally test their employees to determine if their security awareness training is effective. Those tests should trigger an action plan and measure the organization’s successes and failures.
As far as business email compromise is concerned, organizations should create communication “backchannels” for executives and other key staff who might be targeted by this attack scheme.
Awareness programs, such as Deloitte’s Phishing as a Service, that include highly customizable simulation and response components are generally more effective than merely walking users through theory without any practice.