• Email phishing expertise: Lack of skills or just a lackadaisical approach to security?

    28 Jun 2016

    I can’t think of any current security test that’s more important than email phishing. Yet, it seems that so few organizations actually include phishing as part of their ongoing information security assessments and penetration tests. I suppose that’s why we keep hearing about all of the Cryptolocker infections and crazy statistics being published by Verizon, Ponemon and others.

    Here are some articles that I have written that can help you get your email phishing testing initiatives off the ground or, at least, provide you with some insight into why email phishing is such a big deal:

    Defining Your Overarching Goal for Email Phishing Testing 

    What to include in an Exchange Server phishing test

    Throw users a line to thwart an email phishing attack

    Top Gotchas When Performing Email Phishing Tests

    Stop attackers from catching you in a phishing hack

    Minimize your online footprint to combat phishing
     

    Use an enterprise phishing tool such as LUCY. Do it manually. Whatever the means – just do it. I don’t care how advanced your environment is or how mature your security program may be. Your network is one click away from compromise and you need to take the steps necessary to minimize this risk in your business. I promise you these tips that I’ve written can help you fight this security threat, but it has to be taken seriously.