Phishing attacks are everywhere, and so is advice for how to prevent them. None of the advice offered is wrong, it’s just woefully incomplete.
A recent article on the Security Week website, Business Email Compromise Still Reigns, discusses the FBI’s annual Internet Crime Complaints Center (IC3) report and why business email compromise (BEC)—a type a phishing attack—is so prevalent.
The article then goes on to offer advice on ways to mitigate BEC attacks. It includes the following:
- Update security awareness training
- Develop BEC contingency plans
- Build in manual controls
- Monitor for exposed credentials
- Conduct ongoing assessments
- Set limits for third parties
Notice anything missing?
Another article on the PC Buyer’s Guide website, Most Common Phishing Scams and What You Can Do to Avoid Them, also offers some suggestions. These include “make sure to double check emails from your bank” and be cautious when “posting personal information and updates on social media.”
Figured out what’s missing yet?
All this advice offered by these well-meaning resources depends on one thing: people. People need to be more aware, people need to be more cautious, people need to be better trained, people need better procedures.
There’s just one problem with this line of thinking. If people could prevent phishing attacks, phishing attacks would have ceased long ago. But they haven’t. Instead, they continue to grow. Perhaps it’s time to find some new advice.
So, what is missing from the list? How about cloud-based email security with real-time link click protection.
The best way to prevent BEC and every other form of phishing is to keep the threatening email out of your inbox in the first place. Cloud-based email security reroutes emails, destined for your inbox, to their premises where it scans each email for malicious content and links, before sending it on to you. Detected phishing emails are blocked or quarantined.
Why do these advice articles not include this information? This technology is readily available, fast to deploy and inexpensive.
Want some better phishing prevention advice? Head on over to cloud-based email security with real-time link click protection risk-free for 30 days.