Responding to a Phishing Attack

Ready for Anything: Responding to a Phishing Attack

Be Prepared for this Cybersecurity Event

HOW TO PREVENT PHISHING ATTACKS:

  • Implement an awareness and training program for staff
  • Place interval controls to prevent any one person from having unrestricted, unmonitored information
  • Institute policies forbidding the transfer of financial assets and personal information unless accompanied by verbal or in-person confirmation from stakeholders
  • Use caution with unsolicited calls or emails from anyone asking for internal information
  • Use anti-virus software, firewalls, and spam filters as directed by IT staff
  • Use complex passwords at least eight characters long, including letters, numbers, and special characters (!, #, @, $, etc.)

IF YOU ACCIDENTIALLY CLICK A PHISHING LINK BUT AREN’T SURE OF INFECTION:

  1. Immediately contact management and your network administrators
  2. Isolate your computer from your district’s network
  3. From a separate computer, change your passwords that grant access to systems
  4. Refer to IT administrators to determine if an infection has actually occurred
  5. Notify your insurer
  6. CSD Pool members should visit eRisk Hub’s Incident Roadmap to determine if the event is a real incident

IF YOU WERE SUCCESSFULLY PHISHED OR A VICTIM OF SOCIAL ENGINEERING:

  1. Immediately contact management and your network administrators
  2. Secure all network logs, audits, notes, and any other documentation on the incident
  3. Notify your insurer
  4. Contact law enforcement and legal counsel for assistance
  5. If necessary, prepare notifications to any customers or employees whose information has been compromised and obtain credit monitoring services on their behalf

Click here to order your copy today.

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.