Picture this: You receive an email from the Vice President of your department. She asks you to approve a payment on a website. Since the email appears legitimate, you click through to the website. After further review, you decide it’s a scam. Unfortunately, you’ve only partially protected yourself from a phishing attack. By opening the email and clicking links, you signal that you’re an active user and might receive more attacks in the future.
Latest Trends in Phishing You Need to Know About
Phishing is a method of trying to gather personal information using deceptive emails and websites, and it’s not a new technique. In fact, it’s a time-tested method to obtain personal information. This technique relies on two fundamental facts. First, businesses and consumers rely on open communication channels such as email to do business. Second, most people aren’t interested in analyzing every email they receive. They just want to get through their email and move on with their lives. As an IT security professional, it’s your job to be better informed and come up with ways to protect your users.
The first step in stopping phishing is to understand the threat. Take note of these recent phishing incidents:
- Centura Health: This Colorado-based health organization suffered a phishing attack in 2019 and had to notify over 7,000 patients of the fact. Compromised information in this incident included all types of patient information, from treating physicians to medical record numbers. As a precaution, the organization required all employees to reset their passwords.
- Indiana Pacers: We’ve all heard about hospitals, banks, and governments suffering phishing attacks. What about entertainment and sports organizations? In May 2019, the Indiana Pacers announced that it had suffered a phishing attack. The attack caused the loss of highly sensitive data, including “emails containing names, addresses, dates of birth, passport numbers, medical and/or health insurance information, driver’s license/state identification numbers, account numbers, credit/debit card numbers, digital signatures, and/or usernames and passwords.”
How can you leverage single sign-on (SSO) software and methods to improve the organization’s security?
Single Sign-On (SSO) Security Benefits
At first glance, you may not see the connection between single sign-on (SSO) and preventing phishing attacks. If you focus solely on email security and training, you’re going to miss other ways to stop phishing attacks or reduce their impact.
Reduce End User Security Complexity
The more responsibility you ask end users to take on, the more challenges you’re going to face at work. For a salesperson, a customer service manager, or anybody else outside IT security, it’s just not a priority to think about phishing day after day. With SSO, you simplify life for users by reducing the number of passwords they need to use. Instead of 5-10 passwords, they can get by with just one.
Improve Security Coverage in Your Environment
Every new technology, application, and API in your company adds benefits and adds security complexity. Without single sign-on in place, IT will need to stretch to examine each technology. Inevitably, some work is going to be forgotten or neglected. When a phishing email comes in with the right targeting, it might exploit the fact that one system in your company isn’t protected.
With Avatier’s Single Sign-On software solution, you can add coverage for your software-as-a-service tools. Thus, you won’t have to worry about a lack of security oversight for new apps.
End Reliance on Bad Password Habits
Even though IT security experts are continually criticizing poor password habits, such passwords continue to exist. CNN found that many of the most common passwords in use are easy to guess: password, 1234567, and so forth. By implementing SSO, your end users will have fewer passwords to manage. Therefore, you can introduce more demanding password complexity requirements. When you have those new requirements ready for deployment, make sure to read our guide on employee password training.
Typically, new security requirements aren’t popular with employees. However, you’re more likely to earn their support if you first deliver increased convenience through a single sign-on solution.
What Else Can You Do to Reduce IT Security Risk?
After you implement an SSO software solution, your end users will thank you for making their lives easier. Unfortunately, mitigating phishing risk to an acceptable level isn’t enough. There are other security matters to manage.
For example, did you know that employee job changes such as retirements, terminations, and promotions can increase security risk? This happens when those changes leave inactive user accounts behind. Suppose a sales support person moves to a job in finance. If he or she continues to have an active user account with sales and customer information, that user account represents an increased risk of internal fraud.
Another way to improve your security protection lies in leveraging innovative technology such as virtual agents. However, you might have to overcome internal skeptics about the technology. To help you face that challenge, read our post: “5 Steps to Get Virtual Agent Technology Approved and Funded This Month.” By implementing IT security virtual agents, you can free up your staff to work on other matters, such as evaluating new technology and supporting users.
The important point is to avoid being overwhelmed by IT security threats. You have plenty of options to reduce phishing risk and improve convenience with SSO. Get started today!