Phishers Are Improving Their Chances of Success with Targeted Attacks
by Paul A. Henry - Vice President of Secure Computing - Monday, 10 April 2006.
- Review and if necessary revise your security policies and procedures and be sure they address the many issues of ID Theft for both the organization, your clients and your employees
- Take a multi level security approach to ID theft
- Evaluate internal controls and procedures;
- Don't limit authentication to the user - authenticate both the user and the individual transaction separately and independently;
- Use two factor authentication - but not simply as a replacement for single factor authentication;
- If you are not using fraud detection methodologies they should absolutely be considered in light of the explosive growth of ID Theft.
- Communicate with your customers and employees
- Let them know you would never include a clickable URL within and email;
- Let them know in any email you would address them by their first and last name;
- Let them know you would not send them an email attachment that they would not have been already expecting;
- Always remember that your biggest bang for your buck typically comes from user awareness training for both your employees and your customers.
- Continuously monitor current threats and make the necessary adjustments in a timely manner – time is not on your side when confronting today’s menaces, either internal or external, on your enterprise network.