IT security phishing

Part 1: In your discussion post, consider the scenario presented here, or a real-world example of phishing…

You arrive at work, open your email, and see this:

Employment Opportunity!!!

This Job is currently recruiting. A Job that will not affect your presents employment or studies, fun and rewarding. You get to make up to $300 weekly, I tried it and i made cool cash, If You are interest you can visit their website at http://getacoolJobreallyfast.work to apply and read more about the job.

Best Regards,
Human Resources and Benefits
Pyramid Placement Agency
5555 Fifth St.
Anytown, US 11111
HR&benefits@PPA.gob

There are many things in this example that let you know this is not a real opportunity for employment, but more likely an opportunity for someone to gain access to your computer and your company’s private information. However, real-world attempts are not always this obvious and can take many forms. Social engineering, phishing, malware, spoofing, hacking, and card skimming are all risks to our personal and business information.

As you respond, consider the following:

  • Describe indicators you can use to identify a phishing email.
  • Explain the importance of employee knowledge concerning phishing attempts.
  • Provide several recommendations for information security practices that could be implemented to limit the risks and impact of phishing emails.

Part 2: Respond to the following 2 paragraphs separately. When responding, provide an additional suggestion for an information security practice they did not identify, and explain how your suggested practice would deter or reduce the impact of phishing within the company.

Paragraph 1: I am using a real-world example. This happened to me. On September 19, 2004, I fell victim to a phishing scam. It was Sunday and I was to be at work at the hospital for 8 a.m. I was working two jobs at the time and had just gotten home after midnight. I had a few hours of sleep and woke up, got ready to go and decided to check my email. It was supposedly from PayPal and so I opened it. Now, I had opened my account two years prior and knew that any communication from them was going to start out with my name. This particular email did not. I read it and not one red flag went up in my head until I had been at work for almost two hours. Then I got that sick feeling in my stomach. The email had stated that I needed to verify my account due to privacy policy changes and, as I said before, it just didn’t click. I entered everything they asked, social security number, checking account, and mother’s maiden name. Once I was back home, I went back into that email and replied in the blanks that I was going to turn this over to the Kansas Bureau of Investigation. I took Monday morning off from work and closed all of my accounts whether they were credit cards or bank. It has been fifteen years and I have not had one incident of any missing money or opened accounts under my information. I am very thankful for that and lucky that I only had the minor headache of closing a few accounts. I am aware that something could still happen, but I am also even more careful than before when seeing something in my Inbox that does not look familiar. Those emails get deleted without being opened. There are a few indicators that I have noticed to help in determining if the email is phishing. I will say that the email I received looked nearly identical to the actual ones PayPal sent at that time. It can be hard to determine based on looks alone. One is the way the recipient is addressed. Is the email starting out, “Dear Valued Customer,” or “Dear Mr./Mrs. Doe,”? The big indicator in the email that I foolishly replied to was that it was addressed to “Dear Paypal customer,”. It should have been my first and last name. Another indicator is the subject heading of the email. These may use words to get the recipient’s attention such as “urgent”. One more indicator that I have noticed is web address links. When these links are scrolled over, the bottom left corner of the screen shows the address. If the address is not familiar, then it is very possible it is not legitimate. In a business setting, education about phishing scams is important. It is important that employees know what they are allowed to do on company equipment. What websites they may browse and which ones are not allowed. It is also important that they know who is on the “team” they work with and know email etiquette. In August of this year, Truman Medical Center was hit with ransomware. I am aware that this is not necessarily phishing, but it may have come through an email or a web link that was mistakenly clicked on. I have included links to articles if you would like to read about it.

Paragraph 2: My company mostly communicates through email on the back-end of operations, so phishing emails are common in my everyday life. It’s often very easy to distinguish between a phishing attempt and a legitimate business email. In these emails, phishers often claim they are linking you to a job offer or to some special reward you’ve been randomly selected for. Sometimes they’ll even claim there’s something wrong with an account of yours, causing you to panic. The phishers will then link a website that doesn’t appear to match the domain the email is coming from. Clicking on the link will frequently request sensitive personal information. Most legitimate businesses are not going to send you unsolicited invitations to job applications or request account verification via email. Phishing attempts also tend to have incorrect spelling or grammar, whereas most business emails are carefully and methodically reviewed for these types of mistakes before being sent. Another common indicator is the request for money from phishers – they’ll often say you’ll get it back or that it’s being used to cover fees associated. I assume requests like these to always be fraudulent unless I introduced the contact to the company. As indicated in chapter 1 of the Computer and Information Security Handbook, training employees about information security within a business is just as important as enacting the security itself (Vacca, 2017). Employees must be trained to recognize phishing attempts in an effort to protect the business’s sensitive information from those who would compromise it. If employees with access to this information let their guard down or become negligent of their responsibility, it could lead to great loss for the business and their customers. Phishers often target businesses as companies have a great number of crucial assets that would benefit the hacker, such as consumer personal information, financial reports, or analytics. An employee who doesn’t take care to actively avoid falling for such phishing attempts puts the entire business and themselves at risk for disastrous consequences. As the Computer and Information Security Handbook makes clear, humans are the “biggest single source of loss” (Vacca, 2017) and so it is the corporation’s and management’s obligation to ensure employees are properly trained to fend off such deception. The articles provided, “Internet Security” and “Firewalls” by Virgil L. Burton, III, provided some excellent recommendations for steps we can take to mitigate the risks of phishing emails by suggesting things like installing firewalls between networks to filter out fraudulent emails or using stronger, more complex passwords. Both actions ensure a roadblock in the way of the hacker attempting to access sensitive information by enhancing the security guarding that information. We can also reduce these risks by ensuring active and involved training for employees and contractors to make them aware and vigilant for such cyberattacks. Phishing emails, unfortunately, do sometimes still make it past firewalls and alternate forms of security. At this point, it comes down to a person’s ability to recognize and distinguish a fraudulent request for sensitive information. Equipping employees with proper training to be alert and cautious of these emails is imperative to any business’s operation.
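
Three of the indicators described in the two posts above (a generic greeting, attention-getting wording in the subject, and a link whose domain does not match the sender's) can be checked mechanically by a mail filter or triage script. The following is an added example, not part of the assignment or of either post; the headers on the scenario email, the second sample message, the word list and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: the scenario email from this page, with headers added so it parses.
JOB_OFFER = """\
From: Human Resources and Benefits <HR&benefits@PPA.gob>
Subject: Employment Opportunity!!!

This Job is currently recruiting. You get to make up to $300 weekly.
If You are interest you can visit their website at
http://getacoolJobreallyfast.work to apply and read more about the job.
"""

# Constructed: an account-verification lure with a generic greeting.
VERIFY_LURE = """\
From: Account Service <service@payments.example>
Subject: Urgent: verify your account

Dear Paypal customer,
Confirm your details at http://payments.example/verify today.
"""

GENERIC_GREETING = re.compile(r"^\s*dear\s+(?:\w+\s+)?customer\b", re.I | re.M)
PRESSURE = re.compile(r"urgent|verify|!{2,}", re.I)  # assumed word list
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def site(host):
    """Last two DNS labels; a rough stand-in for a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(raw):
    """Return the sorted indicator names that fire for one plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    hits = set()
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if site(host) != sender:
            hits.add("link_domain_differs_from_sender")
    if GENERIC_GREETING.search(body):
        hits.add("generic_greeting")
    if PRESSURE.search(msg.get("Subject", "")):
        hits.add("pressure_wording_in_subject")
    return sorted(hits)

if __name__ == "__main__":
    for name, raw in (("job offer", JOB_OFFER), ("verify lure", VERIFY_LURE)):
        print(name, phishing_indicators(raw))
```

The second sample shows why no single check is enough: its link matches the sender's domain, so only the greeting and subject checks flag it.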
