
Phishing and Vishing Protection for Remote Workers

Matt Alderman October 14, 2020

Phishing is everywhere. Couple that with a new remote workforce, video conferencing, and corporate messaging, and now phishing and vishing are everywhere. Why? There are many reasons, including:

  • Increased use of personal computers and phones to conduct our work remotely
  • Increase in phishing emails targeting remote workers
  • Increase in vishing calls to our personal phones targeting remote workers

As the world moved to remote work, the attackers didn’t stop. They did, however, shift their techniques to target our workforce at home, who had additional protections when they were inside the corporate network. This shift has put additional pressure on security teams to figure out how to educate and protect those vulnerable workers. And technology alone can’t stop these attacks. So what do you do?

We interviewed Whitney Maxwell, Security Consultant from Rapid7, on Enterprise Security Weekly to get some recommendations on how to protect our remote workers from phishing and vishing attacks. Here are her recommendations:

  • Start with awareness. Educating your employees on why phishing/vishing is harmful and empowering them to detect and report phishing attempts is a key element of protection. For more information, please visit Rapid7’s Phishing Awareness Training.
  • Teach them phishing prevention/verification tips. Phishing tips have been pretty standard and include looking for suspicious file attachments and malicious website URLs, promoting good credential behavior, and keeping systems patched for the latest vulnerabilities. For more information, please visit Rapid7’s Phishing Attacks: A Deep Dive with Prevention Tips.
  • Teach them vishing prevention/verification tips. Vishing tips aren’t as well known, but they are basic common-sense approaches, including:
    • Asking for the caller’s name to look up in the company directory
    • Asking for internal company information to verify the caller’s knowledge
    • Asking for a call-back number to verify where they are calling from
    • Asking for their supervisor’s name to look up in the company directory
    • Keeping emotions out of it, especially if the caller is using an incident to collect information
  • Practice, practice, practice. Companies need to regularly (every 3 months is a good cadence) phish/vish their employees to give them practice at recognizing AND reporting these attacks. For more information, please visit Rapid7’s Tips for a Successful Phishing Engagement.

To get a deeper dive, watch the interview on Enterprise Security Weekly here.  Or visit securityweekly.com/rapid7 for more information.
