How agencies can protect against phishing attacks

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Christian Have
 

Connecting state and local government leaders

By Christian Have

|

Defending against phishing attacks involves a combination of policies, procedures and controls.

Public networks -- government, commercial and personal -- are facing unprecedented levels of attack by cyber criminals. Despite the threats governments specifically face, many are not implementing the proper tools, people or protocols to safeguard their agencies, leaving them at risk of exposing their systems to cyber terrorism and criminality.

While phishing scams have a reputation for mimicking government emails, often times, those emails can be turned on agencies themselves. Phishing attacks have been used by cyber criminals for years, often playing on the “immediacy” of email to trick agency users into revealing their credentials.

The threat of phishing emails is high across all industries; however, government agencies must be particularly proactive about guarding against suspicious emails to avoid exposing sensitive, and even classified, information.

As with any potential exploit, defending against phishing attacks involves a combination of policies, procedures and controls. It often comes down to people and technology working together to protect against threats by:

Investing in user training. The first line of defense is always to create a culture of cyber awareness. Agencywide training sessions that highlight the techniques potential attackers might use can  enable teams to be more vigilant about potential attacks.

Bringing a cybersecurity expert on board. Enterprises should consider adding a cybersecurity expert to their team or bringing an outside expert on board to implement the right defenses to protect a agency and its data. These experts have the expertise to ensure organizations are using the most appropriate tools to protect their people and systems against threats. 

Implementing stringent technology controls. There are many controls that can be deployed to plug potential security gaps. Recent advances in machine learning and artificial intelligence allow for more precise identification of high-risk users. User and entity behavioral analysis platforms use ML  and IA  to understand what "normal" activity on an organization’s infrastructure looks like. If anything abnormal is identified, the platform will access a risk profile and notify security analysts or take some remedial action to nullify the attack.

When in doubt, check and check again

Inadvertent insider threats are a bigger risk than many might think. Disgruntled employees, workers with expiring contracts or financially desperate staff may be to blame for suspicious, potentially harmful behavior. To protect themselves and critical business data, agencies should train users to spot phishing emails by:

Checking spelling, grammar and sender info. One of the key signs of a phishing email is poor spelling or grammar, as well as the use of seemingly familiar sender addresses, but with very minor differences. Employees should always check the sender's email to confirm the address is legitimate. For unexpected emails, they should look for any language or spelling clues that suggest it may not be from a legitimate source.

Taking a closer look at hyperlinks. Emails often use hyperlinks for further information. With phishing attacks, however, these hyperlinked URLs are frequently  different from the one displayed in the email. For example, the link may suggest it is from a legitimate organization, but hovering over the URL may  reveal a destination  completely different from what was suggested. Users should not click on any attachments or hyperlinks that appear not to be authentic.

Gauging the urgency. Often the phishing email will use social engineering to try to trick recipients into taking immediate action, such as asking users to verify bank account details because they've won a prize. Phishers also take advantage of people's generosity after a disaster to dupe them into making a donation on a fraudulent charitable website that infects users' devices or steals their donation and payment information.  

For government agencies, operating efficiency is a must. While IT systems are helping to meet that need -- enabling easier communication, accessibility, mobility, convenience and productivity -- that connectivity comes with the risk of data breaches.

With software and operating system vulnerabilities becoming a cornerstone of modern cyber warfare, agencies’ IT infrastructure is more vulnerable to unexpected attacks than ever before. Government information security relies on the right solution -- now more than ever.

NEXT STORY: Could plastic driver’s licenses become a thing of the past?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.