1
00:00:00,05 --> 00:00:01,08
- [Instructor] While phishing may be one

2
00:00:01,08 --> 00:00:03,05
of the most common forms of attack

3
00:00:03,05 --> 00:00:05,08
on the cybersecurity threat landscape,

4
00:00:05,08 --> 00:00:08,08
there are straightforward ways to protect against it.

5
00:00:08,08 --> 00:00:10,08
Let's look at five steps you can take

6
00:00:10,08 --> 00:00:14,04
which can reduce your exposure to the threat of phishing.

7
00:00:14,04 --> 00:00:17,05
First, implement email filtering controls.

8
00:00:17,05 --> 00:00:19,07
Since phishing uses malicious emails,

9
00:00:19,07 --> 00:00:21,03
the better you get at blocking them,

10
00:00:21,03 --> 00:00:23,01
the more you'll be protecting yourself

11
00:00:23,01 --> 00:00:24,09
and your organization.

12
00:00:24,09 --> 00:00:28,07
Users can control emails at their inbox by flagging unwanted

13
00:00:28,07 --> 00:00:30,08
and suspicious emails as junk.

14
00:00:30,08 --> 00:00:33,05
Organizations can also block suspicious emails

15
00:00:33,05 --> 00:00:34,07
at the email server

16
00:00:34,07 --> 00:00:38,00
by blacklisting known malicious email servers

17
00:00:38,00 --> 00:00:40,06
and even blocking emails from entire countries,

18
00:00:40,06 --> 00:00:43,07
domains, or IP address ranges.

19
00:00:43,07 --> 00:00:46,02
Many email servers have additional controls designed

20
00:00:46,02 --> 00:00:49,00
to identify and block malicious emails.

21
00:00:49,00 --> 00:00:52,02
The next way to protect against phishing is to block access

22
00:00:52,02 --> 00:00:54,09
to fraudulent and malicious websites.

23
00:00:54,09 --> 00:00:56,04
This can be done at the user level

24
00:00:56,04 --> 00:00:59,06
by accessing the internet only with web browsers

25
00:00:59,06 --> 00:01:02,03
that show a warning if users attempt to go

26
00:01:02,03 --> 00:01:04,02
to a fraudulent site.

27
00:01:04,02 --> 00:01:06,06
Most modern browsers have security settings

28
00:01:06,06 --> 00:01:08,07
that can be configured to do this.

29
00:01:08,07 --> 00:01:11,03
Also organizations can install firewalls

30
00:01:11,03 --> 00:01:13,08
or proxy servers that prevent users

31
00:01:13,08 --> 00:01:16,09
from accessing known bad websites.

32
00:01:16,09 --> 00:01:20,09
The third step you can take is to use a password manager.

33
00:01:20,09 --> 00:01:23,08
This is a digital safe that can generate and store strong

34
00:01:23,08 --> 00:01:27,04
and unique passwords for any site that needs one.

35
00:01:27,04 --> 00:01:29,05
That way you're not reusing the same passwords

36
00:01:29,05 --> 00:01:31,04
on different websites.

37
00:01:31,04 --> 00:01:33,08
So even if one of your passwords gets compromised

38
00:01:33,08 --> 00:01:37,02
in a phishing attack, it won't work anywhere else.

39
00:01:37,02 --> 00:01:40,00
Fourth is multifactor authentication.

40
00:01:40,00 --> 00:01:41,02
This is a stronger form

41
00:01:41,02 --> 00:01:44,00
of authentication than just passwords.

42
00:01:44,00 --> 00:01:47,07
It requires a password plus at least a device you have

43
00:01:47,07 --> 00:01:50,08
or a biometric factor like a fingerprint.

44
00:01:50,08 --> 00:01:53,01
That way even if the attacker gets your username

45
00:01:53,01 --> 00:01:56,07
and password, they can't log in without the other factor.

46
00:01:56,07 --> 00:01:59,05
Finally, we have security training.

47
00:01:59,05 --> 00:02:02,02
If users know not to open phishing emails

48
00:02:02,02 --> 00:02:04,03
and click on manipulated links,

49
00:02:04,03 --> 00:02:06,08
phishing wouldn't be such a serious problem.

50
00:02:06,08 --> 00:02:09,09
Teach users how to recognize phishing attacks.

51
00:02:09,09 --> 00:02:12,08
Explain why they should be suspicious of urgent emails

52
00:02:12,08 --> 00:02:14,02
and how to hover over links

53
00:02:14,02 --> 00:02:16,04
to see if they're legitimate or not.

54
00:02:16,04 --> 00:02:18,03
You can also conduct phishing simulations

55
00:02:18,03 --> 00:02:20,01
to test how many users might fall

56
00:02:20,01 --> 00:02:22,03
for an actual phishing attack.

57
00:02:22,03 --> 00:02:24,06
When it comes to smishing, the best way to protect

58
00:02:24,06 --> 00:02:27,07
against this threat is also with security training.

59
00:02:27,07 --> 00:02:31,02
Train users how to spot suspicious text messages.

60
00:02:31,02 --> 00:02:33,07
They should also be trained to never click on links

61
00:02:33,07 --> 00:02:35,08
in suspicious text messages,

62
00:02:35,08 --> 00:02:38,03
respond to suspicious text messages,

63
00:02:38,03 --> 00:02:41,05
or send money or make purchases based on text messages

64
00:02:41,05 --> 00:02:43,08
without confirming through some other method,

65
00:02:43,08 --> 00:02:47,08
like a phone call directly to a person or company.

66
00:02:47,08 --> 00:02:50,02
If you get repeated unwanted text messages

67
00:02:50,02 --> 00:02:52,06
from the same number, those can be blocked

68
00:02:52,06 --> 00:02:54,06
in the phone settings for both iPhone

69
00:02:54,06 --> 00:02:56,07
and Android mobile phones.

70
00:02:56,07 --> 00:02:57,06
Also check to see

71
00:02:57,06 --> 00:03:01,01
if your smartphone has other settings options to filter

72
00:03:01,01 --> 00:03:04,04
or block texts from unknown senders.

73
00:03:04,04 --> 00:03:06,09
Implementing these and the other controls I covered

74
00:03:06,09 --> 00:03:10,00
in this video will help protect you and your organization

75
00:03:10,00 --> 00:03:13,00
from the threats of phishing and smishing.