3-1 Discussion IT Security - Phishing

School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Dec 6, 2023


Uploaded by SuperHumanSparrowMaster290

When responding to your peers, provide an additional suggestion for an information security practice they did not identify, and explain how your suggested practice would deter or reduce the impact of phishing within the company.

In today’s world we are under a constant barrage of emails on a day-to-day basis, which is why many scammers have taken to email as an efficient way to gain access to a plethora of user information. If we are not constantly vigilant both at work and at home, it is incredibly easy to open an attachment or click a link that can unlock or attach a virus to your computer, which can then start obtaining information about you or your organization.

When you look at the text in the body of an email and see things such as blatant spelling errors, an excessive use of all capital letters, text telling you to forward the email to as many people as possible, or content asking you to click links to change or update your password, these should be red flags that the email is a phishing email and needs to be deleted without clicking on any of the links it contains. In addition, you can hover over a link without clicking; you will often see discrepancies in sender email addresses, links, and domain names. Watch out for extensions like .exe, which will prompt something to install on your system. As security evolves, so does the sophistication of the hacking being used, so it has always been best practice that if you do not recognize the sender, are not expecting something from a particular business, or have any doubt about the legitimacy of an email, you do not click on any link or open an attachment without further research to verify its validity first.
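
The red flags listed above (link text that differs from the real target seen on hover, .exe attachments, heavy use of capitals, requests to forward the message or change a password through a link) can be checked automatically as a first-pass triage of reported mail. The following Python is an added example, not part of the original post; the function name, labels, regular expressions and the 0.3 capitals threshold are assumptions, and the sample message is constructed with placeholder domains.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
PHRASES = {"asks to forward widely": r"forward this (e-?mail|message)",
           "password change via link": r"(change|update) your password"}

def red_flags(raw, caps_ratio=0.3):  # caps_ratio is an assumed threshold
    """Return sorted red-flag labels found in a raw RFC 5322 message."""
    msg, flags, text = message_from_string(raw, policy=policy.default), set(), ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".exe"):
            flags.add("executable attachment")
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    # What hovering reveals: the real href versus the domain shown as link text.
    for href, shown in ANCHOR.findall(text):
        real = (urlparse(href).hostname or "").lower()
        claimed = DOMAIN.search(shown)
        dom = claimed.group(1).lower() if claimed else real
        if real != dom and not real.endswith("." + dom):
            flags.add("link text does not match target")
    plain = re.sub(r"<[^>]+>", " ", text)  # crude tag strip, enough for triage
    flags.update(k for k, rx in PHRASES.items() if re.search(rx, plain, re.I))
    words = re.findall(r"[A-Za-z]{3,}", plain)
    if words and sum(w.isupper() for w in words) / len(words) > caps_ratio:
        flags.add("excessive capital letters")
    return sorted(flags)

# Constructed sample message (not a real e-mail); domains are placeholders.
SAMPLE = """\
From: "IT Support" <helpdesk@example.org>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>YOUR ACCOUNT WILL BE LOCKED TODAY. UPDATE YOUR PASSWORD NOW at
<a href="http://login.example.net/reset">https://portal.example.com/reset</a> and forward this email to everyone.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

--b1--
"""
print(red_flags(SAMPLE))
```

A hit on any of these labels is a reason to route the message to the security team for review, not proof that it is malicious.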
Organizations have a responsibility to educate their employees on the risks of phishing scams if they want to ensure the safety and security of their data and proprietary information. If they do not take the initiative to enlighten employees about their policies regarding email and computer use upon hire, an employee could unknowingly open an attachment or click a link that could allow malware or a virus to attach to the servers within the company and begin working on obtaining valuable data the company would otherwise want kept secure. This can lead to much bigger problems, like consumer data breaches, that the company is then responsible for handling. Ultimately, if employees are not educated about cyber security and the risks associated with not properly identifying potentially malicious emails, they cannot aid in protecting a company’s networks, data, or systems from potential cyber threats or malware attacks.

To reduce the chances that phishing emails succeed within an organization, there are things that can be done by both the company and the employees who are part of its network. First, having adequate firewalls in place is a necessity for any network. Additionally, proper user training to help employees identify potentially risky emails containing phishing scams, such as dangerous attachments or links, is a necessity. If users can identify unsecure links, sender email addresses that look inappropriate, or text within the email that does not look legitimate or that asks for potentially harmful information such as passwords, and then know who to alert, it can significantly reduce the chances that a company’s secure files and information become compromised. Also, making sure that all employees know exactly who to alert if they believe they have received these potentially harmful emails, so they can be addressed quickly, is crucial.
Hiring third-party companies to test employees periodically by sending these potentially harmful emails, to evaluate whether they can identify the ones that are harmful and should be reported, can be a useful tool in learning whether or not there needs to be additional education provided to users who are opening attachments or clicking harmful links within those test emails. It can also tell you if your staff is doing a good job at isolating these emails and forwarding them to the correct people to deal with them. Either way, ongoing evaluations of your staff allow you to see if more training is needed or if you are performing well as a company.

All organizations maintain a responsibility to keep consumer data, files, and proprietary information safe and secure from malicious attacks and malware to the best of their ability. So, in addition to keeping staff trained on email phishing scams, the organization itself needs to keep apprised of the newest types of scams being utilized, deploy appropriate security updates if necessary, and patch holes in its security. It then becomes the user’s job to identify emails that direct them to perform these security updates as legitimate and to keep their systems up to date, which helps keep the entire network secure.

Response #1

Reginald, you have all good points about the negative effects that these phishing scams can have on a company should they be effective. It is crucial that the employees are trained on how to identify them and that the company has taken appropriate security measures within the network itself to help secure the entire company from malicious attacks, whether they be viruses, phishing scams, or ransomware types of things. In addition to all the things you pointed out to help increase the security of the company, they need to have in place a good firewall. You can also implement a data security platform, which is designed to initiate automatic alerts for an IT or security team if there are unwanted changes happening to files etc. by anonymous users. This type of security can help you
isolate any accounts that may have been affected by a cyber-attack of some kind and let you begin working on it to prevent further access or damage to additional files and information. This type of system serves as a backup to users alerting the security team of potential phishing if something slips through the cracks or a user does end up clicking on a link or opening a malicious attachment that ends up unleashing a virus or some type of malware.

Educating employees is the most important part, in my opinion, of preventing phishing scams from being successful. However, with the constantly changing approaches scammers are taking, I think testing your employees periodically with test emails is a good way to see how well your compliance after training is with the staff. Then conducting ongoing training with everyone to keep them apprised of new tactics or approaches scammers are taking and how they should respond is crucial to continued success in keeping your company more secure from cyber-attacks and malware. Thanks for your insight this week, great information!