Tips for Your Vendor Security: How to Prevent Phishing Attacks

By Demi Ben-Ari, Oct 08, 2019

Phishing is an attempt to deceive a victim in order to gain access to confidential information and/or distribute infected files. Even with the latest technologies that prevent many phishing emails from reaching inboxes, and even with the right training and procedures, phishing attacks accounted for nearly one-third of data breaches in 2018.

As we mark National Cybersecurity Awareness Month (NCSAM), it’s an appropriate time to note that every type of company has been targeted by phishing, including financial organizations, tech security companies, educational institutions and healthcare. High-ranking executives are regularly targeted by phishing scams, with business email compromise (BEC) alone costing companies $26 billion, as reported by the FBI.

So how can your vendors avoid becoming victims of such attacks?

1. Map the Employee Threat Landscape.

Human behavior dictates the likelihood that an employee might be a victim of a phishing, spear phishing or BEC attack. Companies should check employees’ public footprints, such as their social network presence, to be alerted to irregular behavior compared to industry standards. This allows companies to rectify broken policies by better understanding how hackers are targeting employees.

2. Assess Employee Access.

Security teams should assess the amount and critical nature of the data employees have access to. You may have an HR manager interacting with unauthorized entities without having the right cybersecurity training to detect phishing. Therefore, organizations should restrict pathways to critical data to reduce the threat posed by an attacker gaining access to the corporate network.

3. Train and Test Employees.

Consider using a platform that tests employees by sending fake phishing emails to gauge responses. Effort should be focused on groups that are particularly at risk, such as HR, which regularly interacts with unknown entities.

4. Involve Everyone.

Cybersecurity shouldn’t stop at the door of the security team. It takes the participation of an entire company to secure a business, from the CEO to your newest recruit. All employees should undergo cybersecurity training and be taught how to spot phishing attacks. For example, employees should realize that they are more prone to phishing attacks from their phones, since they have less visibility into who sent an email than they do on a computer.

This is the first in a series in honor of National Cybersecurity Awareness Month (NCSAM), and is dedicated to helping organizations guide suppliers with their cybersecurity. Don’t miss our next blog post about creating secure passwords. 

Demi Ben-Ari

Demi Ben-Ari is CTO and Co-Founder of Panorays. He’s a software engineer, entrepreneur and international tech speaker, and takes #CyberSelfies like nobody else can.
