
Defensive strategies
“It is virtually impossible to instill sophisticated levels of knowledge for every user of technology to be able to correctly identify malicious communications,” Kayser told CSO. “But what can be taught is to make people realize there is never a communication that we receive that we should feel compelled to respond to immediately, until we have verified that what we are being asked or told to do is valid.”
All employees should be told that, if skeptical about an email or text, they should immediately ask their IT department to review it, he said.
Another defensive strategy, Kayser suggested, is having all incoming communications for HR redirected to a specific folder on the corporate email system where full checks for viruses and corrupted files are run. Some argue these files may contain personally identifiable information, which shouldn’t be seen by anyone outside HR; that, Kayser said, is a valid concern. But this step shouldn’t require IT to inspect file content, only to look for malware and suspicious activity.




