Increased Phishing Activity Bulletin

August 15, 2018

This security alert bulletin is to advise you of an increase in phishing activity noted by several Dewpoint clients. 
To reduce the risk of being a victim we recommend organizations adhere to good IT security practices specifically in the areas of username and password management.

To reduce becoming a phishing target, stress to your staff the importance of NEVER putting credentials into an online form from, linked or attached document unless they are absolutely 100% sure of the security and legitimacy of the site requesting the credentials.

If you fall victim to a phishing attack the following steps will help reduce the risk to your organization:

1. Implement good Identity management practices
   1. Each user has their own account
   2. Accounts are not shared among users
   3. Permissions for accounts align and limited to the need of the user to perform their job
2. Passwords management practices are implemented
   1. Passwords are changed on a regular basis
   2. Passwords adhere to complexity rules
3. Functions requiring elevated privileges have their own accounts and are used only when the user is performing those functions

In addition, organizations should investigate the feasibility of implementing multi-factor authentication to reduce the risk of a malicious actor being able to impersonate a valid user through a compromised account.

If you need assistance ensuring your data and users are secure, contact Dewpoint.