This latest heads-up around phishing-based warfare from a source as reputable as Google show the need to both be watchful for and responsive to phishing attacks.
This month, Google reiterated its warnings of phishing attacks coming from a few dozen foreign governments. Based on their own interaction with phishing emails, Google has identified when specific users and/or companies are being targeted, notifying them with a warning similar to the one below:
Google’s concern revolves around governments attempting to con users out of their Google password – giving them access to countless services including email, the G Suite, cloud-based file data, and more.
Google provides their users with guidelines around how to take action to better protect themselves including:
- 2-Factor Authentication – the use of a password token (whether a physical or mobile-based token) provides an additional layer of protection, specifically around access once a password has been compromised.
- Limited Access – Google focuses on limiting access from Google services to your email and drive files. This same thinking applies in a corporate environment when thinking about either implementing Least Privilege or even creating a state of Zero Trust.
Given that Google provides warnings to users, they’re admitting that the possibility exists where even they may not stop a phishing attack before it reaches a user. So, in addition to Google’s suggestions, we’d like to add in one more of our own:
- Secure the User – Educate the user via Security Awareness Training about not just the existence of phishing attacks, but how they work, what they look like, and what they’re after. This knowledge empowers users to be on the watch for phishing attacks, improving their ability to spot them and avoid becoming a victim.
Request A Demo: Security Awareness Training
It is abundantly clear that training is critical to enabling your users to defend your organization against phishing attacks. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it is!
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: