Phishing is one of the biggest security threats to Xantrion’s clients right now. Small and midsize businesses are low-hanging fruit for attackers because they have more worth stealing than an individual, but fewer security safeguards than a larger business. What’s more, phishing attempts, or social engineering attacks, are becoming more frequent and more sophisticated. The harder they are to spot, the more likely one of your well-meaning employees will get suckered into revealing sensitive information like a password or banking information.
Our Certified Support program combines several techniques to provide a solid fundamental layer of protection from phishing attempts. These protections include:
- Automated examination of all e-mail messages to detect signs of phishing
- Examination of all office traffic to the internet to identify and block attempts to reach sites known to contain malware or to be operated by cybercriminals
For some firms, the likelihood of a criminal targeting your assets (financial, intellectual property, etc.) and the consequence of a successful attack may be such that additional protections are needed. Our Managed Security service includes, among other measures, end user training to further safeguard your firm against social engineering attacks.
This training teaches your employees to recognize phishing attempts and steer clear of them. Videos show the most common forms of phishing and how to identify suspicious messages, from misspelled domain names to links that don’t go where they should. This training is constantly updated as criminals change tactics.
We also check your employees’ awareness to ensure that the training is working. For example, we periodically send all employees simulated phishing emails. When an employee falls for one of them, it triggers an alert that tells them what they did wrong and shows them how to avoid making the same mistake again. These emails go out monthly, weekly, or at a frequency you choose, ensuring that your employees can’t predict when they’ll be tested. We also track trends so you can target specific employees for additional training if it’s clear they need it.
In addition to user awareness training and testing, our Managed Security service includes many other practices that help protect against hackers. Some of the other practices include:
- Logging and sophisticated analysis of user activities
- Ongoing network analysis to reduce the number of possible entry points for criminals
- Extension of protections at your office to mobile workers
- Addition of Anti-Phishing protections to email servers