This security alert bulletin is to advise you of an increase in phishing activity noted by several Dewpoint clients.
To reduce the risk of being a victim we recommend organizations adhere to good IT security practices specifically in the areas of username and password management.
To reduce becoming a phishing target, stress to your staff the importance of NEVER putting credentials into an online form from, linked or attached document unless they are absolutely 100% sure of the security and legitimacy of the site requesting the credentials.
If you fall victim to a phishing attack the following steps will help reduce the risk to your organization:
- Implement good Identity management practices
- Each user has their own account
- Accounts are not shared among users
- Permissions for accounts align and limited to the need of the user to perform their job
- Passwords management practices are implemented
- Passwords are changed on a regular basis
- Passwords adhere to complexity rules
- Functions requiring elevated privileges have their own accounts and are used only when the user is performing those functions
In addition, organizations should investigate the feasibility of implementing multi-factor authentication to reduce the risk of a malicious actor being able to impersonate a valid user through a compromised account.
If you need assistance ensuring your data and users are secure, contact Dewpoint.