How to Prevent Phishing and Social Engineering Attacks
- Implement an awareness and training program for staff
- Place internal controls to prevent any one person having unrestricted, unmonitored access to sensitive information
- Institute policies forbidding the transfer of financial assets and personal information unless accompanied by verbal or in-person confirmation from stakeholders
- Use caution with unsolicited calls or emails from anyone asking for internal information
- Use anti-virus software, firewalls, and spam filters as directed by IT staff
- Use complex passwords at least eight characters long, including letters, numbers and special characters (!, #, @, $, etc.)
- Use a unique password for every website, especially personal and work accounts
If you Accidentally Click on a Phishing Link But Aren’t Sure of Infection
- Immediately contact management and your network administrators
- Isolate your computer from your district’s network
- From a separate computer, change your passwords that grant access to systems
- Refer to IT administrators to determine if an infection has actually occurred
- Notify your insurer
- CSD Pool members should visit eRisk Hub’s Incident Road Map to determine if the event is a real incident
If You Were Successfully Phished Or a Victim Of Social Engineering
- Immediately contact management and your network administrators
- Secure all network logs, audits, notes, and any other documentation on the incident
- Notify your insurer
- Contact law enforcement and legal counsel for assistance
- If necessary, prepare notifications to any customers or employees whose information has been compromised and obtain credit monitoring services on their behalf
The advice listed here is taken from Ready for Anything, our guide to responding to disasters and calamities big and small. For your free copy, visit our website.
