That is the No 1 rule in the security implementation to prevent hacking (Phishing - link manipulation) by many companies that have security policies enacted.



Hey mate I am not here to educate about security but do you know what phishing exactly is?

'Nothing beats education when it comes to phishing attack.'

Do you know about the 'loners' - Company's IT department computers not connected to the network but only to the Internet used for security analysis?



The following part of an article might be of interest:


Phishing Attack Prevention: How to Identify & Avoid Phishing Scams
Last Updated: Thursday March 31, 2016

By Nate Lord

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Whether it's getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.

To help businesses better understand how they can work to avoid falling victim to phishing attacks, we asked a number of security experts to share their view of the most common ways that companies are subjected to phishing attacks and how businesses can prevent them. Below you'll find responses to the question we posed:

"How do companies fall victim to phishing attacks and how can they prevent them?"
Meet Our Panel of Data Security Experts:

    Tiffany Tucker
    Arthur Zilberman
    Mike Meikle
    Steve Spearman
    Frank Bradshaw
    Dave Jevans
    Greg Scott

   

    Jared Schemanski
    Luis Chapetti
    Felix Odigie
    Abhish Saha
    Jayson Street
    Patrick Peterson
    Daniel DiGriz
    Greg Kelley

   

    David Ting
    Bill Ho
    Luke Zheng
    Derek Dwilson
    Amit Ashbel
    Ashley Schwartau
    Peter Moeller
    Nick Santora


Tiffany Tucker

@ChelseaTech

Tiffany Tucker is a Systems Engineer at Chelsea Technologies. She's worked in the IT field for about 10 years. She has a Bachelor's degree in Computer Science and a Master's degree in IT Administration & Security.

The one mistake companies make that leaves them vulnerable to phishing attacks is...

Not having the right tools in place and failing to train employees on their role in information security.

Employees possess credentials and overall knowledge that is critical to the success of a breach of the company's security. One of the ways in which an intruder obtains this protected information is via phishing. The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc. A phisher's success is contingent upon establishing trust with its victims. We live in a digital age, and gathering information has become much easier as we are well beyond the dumpster diving days.

There are various phishing techniques used by attackers:

    Embedding a link in an email that redirects your employee to an unsecure website that requests sensitive information
    Installing a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information
    Spoofing the sender address in an email to appear as a reputable source and request sensitive information
    Attempting to obtain company information over the phone by impersonating a known company vendor or IT department

Here are a few steps a company can take to protect itself against phishing:

    Educate your employees and conduct training sessions with mock phishing scenarios.
    Deploy a SPAM filter that detects viruses, blank senders, etc.
    Keep all systems current with the latest security patches and updates.
    Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
    Develop a security policy that includes but isn't limited to password expiration and complexity.
    Deploy a web filter to block malicious websites.
    Encrypt all sensitive company information.
    Convert HTML email into text only email messages or disable HTML email messages.
    Require encryption for employees that are telecommuting.

There are multiple steps a company can take to protect against phishing. They must keep a pulse on the current phishing strategies and confirm their security policies and solutions can eliminate threats as they evolve. It is equally as important to make sure that their employees understand the types of attacks they may face, the risks, and how to address them. Informed employees and properly secured systems are key when protecting your company from phishing attacks.

Read more from the Source: https://digitalguardian.com/blog/phishing-attack-prevention-how-identify-avoid-phishing-scams

( Not a phishing link