The article titled “Technology can’t stop phishing perhaps common sense can”
(available at http://www.techrepublic.com/blog/it-security/technology-cant-stop-phishing-perhaps-common-sense-can/)
brings to light some of the topics we covered this past week in my CIS 608
course. The article demonstrates that no matter how hard we try to implement
security to prevent phishing breaches, the only true method is user training.
One of the topics we covered this week was establishing performance targets.
Because of the nature of phishing, the real performance target would be to
ensure that all of a company’s users are trained in how to recognize a phishing
email and what to do when they receive one.
Training is the only way to effectively stop phishing. As stated in the
article, when an email is received with video links or other attachments, the
user must take a step back and think about what the email contains. It is
always safer to reach out and get the data yourself rather than using the data
contained within the email itself. This was highlighted once again after the
Target department store breaches. People realized the magnitude of the issue
and started to create their own phishing emails that discussed the Target
breach itself. The message that training should give users is that no security
measure will equal the security a person can provide if they just think about
it for a second. The user should not click anything in the email but should
instead go to the vendor directly, via web or phone, to get the information
they require. Training should be continually modified to use current examples
and effective prevention techniques. Even with proper training, this will not
completely stop the effectiveness of phishing emails, but it could minimize
the occurrences.