I talked a few weeks ago about training "Fred" to be your designated phishing filter. When any user gets a suspicious e-mail, they forward it to Fred. This is not in lieu of real security software, of course, just a way to stay ahead of phishing attempts.
Nice to see Carnegie Mellon University come out with some research showing the best way to train phishing-resistant users is through education and practice. That was exactly my reason for picking a "Fred" to check all phishing e-mail. Your person (may or may not be Fred, of course) would get plenty of practice spotting phishing e-mails.
Training everyone in the company in phishing detection will take time, and few if any small companies will spend the time and money for such training. Training one person, or picking a person who seems to understand the twisted psychology used by phishing scams, takes little time and no money.
Keep "Fred" busy by sending any suspicious e-mail to him or her for checking. That goes for attachments you don't expect, as well.