Every year, thousands of people fall victim to tax-related phishing scams. As with most intrusions, it only takes one click on a fraudulent link to give the bad guys everything they need to compromise your system and potentially commit tax fraud. Below are a few tips to help protect your team and customers.
Security Awareness – I always start with end-user awareness and training. Regularly train and test your employees. There are a lot of great tools available to automate this process, and they are relatively inexpensive. Use your Marketing Department to get the message out to your customers via lobby material, social media, and your informational website. Customers should know what to expect and, more importantly, what not to expect regarding communication and requests from your organization.
Defense in depth – Inevitably, one of your controls will break down, which is why it’s so important to have multiple layers of security. For example, if a malicious email gets through your spam filter, you will rely on your web filter and antivirus solutions to block the threat. The goal of defense in depth is to avoid single points of failure within your environment.
Slow Down and Pay Attention – Phishing emails are often designed to create a sense of urgency and importance to entice users to click. Slow down, review the email, and be skeptical of all attachments and links. If you’re not sure about the validity of the email, pick up the phone and call the sender from a number you already have on file.
Rinse and Repeat – Simply put, phishing works, so the bad guys will continue to use it to compromise systems. Training your team and educating your customers should be an ongoing process. Additionally, regularly review your security controls for appropriateness and adjust if necessary.
Bedel Security would be happy to discuss how we might be able to enhance your security strategy. Drop us a line at support@bedelsecurity.com to start a conversation.