SANS, in cooperation with Microsoft, released two short articles designed to provide small- and medium-sized businesses (SMBs) with background information on phishing and internal threats, as well as actionable advice on how to train users to recognize threats and avoid falling prey to attacks.
Defend Your Business Against Phishing does a wonderful job of defining how phishing attacks are launched, including providing a sample phishing email. Most importantly, the paper points out elements that signal the message is suspicious in nature. After describing the technologies that can assist in defending against phishing, author Matt Bromiley lays out training tips to get employees on board with prevention efforts.
In Defend Your Business Against Internal Threats, Bromiley introduces the concept of insider threats from accidental and malicious insiders. He again presents technologies that can be effective in curtailing insider threats and provides training tips to engage users in security efforts.
In each of the papers, Bromiley provides easy-to digest explanations of the typical attack and a discussion of the technologies that can help defend against the threats. Each paper includes a reproducible sheet with ways to avoid or mitigate phishing or internal threats that SMBs are encouraged to copy and share with their employees.
A special thanks to our sponsor: