Phishing hits in your filter == User that needs training

by Rich Sutton
September 27th, 2007

Any IT Manager can tell you that the biggest bang for your budget dollar comes from training. Simply teaching your users some security 101 — don’t haphazardly double click on email attachments, pay attention to file extensions, don’t click on links in unsolicited emails and IMs, learn to recognize a phish — drastically reduces your attack surface. Even with the evolution of blended threats and with the steady stream of newly exploitable vulnerabilities announced each day, the single biggest threat propagation vector is still attachments on mass emails.

Look at Symantec’s list of the most recent threats. A threat rarely gets to a level 2 without a primary propagation vector of email or IM and without requiring a user action.

So what does this have to do with phishing? The primary threat propagation vector for a phish is email. In your Internet filter you can likely report on phishing hits by user (8e6’s Enterprise Reporter supports this). If you see requests blocked as phishing from a particular user, you’ve found a user that is viewing the content of or clicking through on the links in an untrusted email.

That is a user that needs training.
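The reporting step above, as an added example that is not from the original post and is not 8e6’s Enterprise Reporter: a small Python script that reads web-filter log lines, keeps only requests blocked in the phishing category, and totals them per user so the names at the top of the list become the training queue. The log format (timestamp, user, action, category, URL) and the sample lines are constructed for the example; a real filter exports its own fields, so the regular expression is the only part you would need to adapt.

```python
"""Summarise web-filter phishing blocks by user to find who needs training.

Added example, not a real product's report. The record layout is hypothetical:
  timestamp  user  action  category  url
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample log lines in the hypothetical format above.
# The malformed last line is there to show that unparseable records are skipped.
SAMPLE_LOG = """\
2007-09-27T08:01:12 jsmith BLOCK phishing http://paypa1-secure.example.net/login
2007-09-27T08:01:40 jsmith BLOCK phishing http://paypa1-secure.example.net/login?retry=1
2007-09-27T08:15:03 akhan ALLOW news http://news.example.com/
2007-09-27T09:22:51 jsmith BLOCK phishing http://bank-update.example.org/verify
2007-09-27T10:05:00 mlee BLOCK phishing http://bank-update.example.org/verify
2007-09-27T10:06:30 mlee ALLOW search http://search.example.com/?q=bank
2007-09-27T11:47:19 akhan BLOCK malware http://dl.example.net/setup.exe
this line is garbage and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<action>ALLOW|BLOCK)\s+"
    r"(?P<category>\S+)\s+(?P<url>\S+)$"
)


@dataclass
class UserSummary:
    """Per-user tally of phishing blocks, with the hosts involved and the time span."""
    hits: int = 0
    hosts: set[str] = field(default_factory=set)
    first_seen: str = ""
    last_seen: str = ""


def parse_line(line: str) -> dict[str, str] | None:
    """Return the named fields of one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def phishing_hits_by_user(log_text: str) -> dict[str, UserSummary]:
    """Count BLOCK/phishing records per user; other categories and ALLOWs are ignored."""
    summaries: dict[str, UserSummary] = defaultdict(UserSummary)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "BLOCK" or rec["category"] != "phishing":
            continue
        s = summaries[rec["user"]]
        s.hits += 1
        s.hosts.add(urlparse(rec["url"]).hostname or "")
        s.first_seen = s.first_seen or rec["ts"]
        s.last_seen = rec["ts"]
    return dict(summaries)


def users_needing_training(log_text: str, min_hits: int = 1) -> list[str]:
    """Users with at least min_hits phishing blocks, most hits first, then by name."""
    ranked = [(u, s) for u, s in phishing_hits_by_user(log_text).items() if s.hits >= min_hits]
    ranked.sort(key=lambda item: (-item[1].hits, item[0]))
    return [u for u, _ in ranked]


if __name__ == "__main__":
    for user, s in phishing_hits_by_user(SAMPLE_LOG).items():
        print(f"{user}: {s.hits} phishing block(s), {len(s.hosts)} host(s), "
              f"{s.first_seen} .. {s.last_seen}")
    print("training queue:", users_needing_training(SAMPLE_LOG))
```

Two repeated hits on the same phishing host within a minute (jsmith above) usually mean the user is clicking through rather than just previewing the message, which is worth a note in the report; the malware category is deliberately left out so the list reflects phishing behaviour specifically, as the post describes.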

And here’s a great user training tool to get started. It’s the Anti-Phishing Phil game developed by Carnegie Mellon.


One Response to “Phishing hits in your filter == User that needs training”

  1. 8e6Labs: IT Security Blog » Blog Archive » Update your user training: More malware via links than attachments Says:

    [...] a previous post, I talked about using your web filter’s reporting to identify users that need [...]
