The National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center have co-authored an information sheet to help organizations defend their IT systems against email phishing attacks.
The cybersecurity guidance outlines commonly used phishing techniques, followed by more than 12 best practices that network defenders can employ to protect their organizations from such social engineering threats, NSA said Wednesday.
The cybersecurity information sheet, entitled “Phishing Guidance: Stopping the Attack Cycle at Phase One,” includes recommendations not only for large enterprises but also for small- and medium-sized businesses which may not have enough resources to establish a robust IT staff.
It also incorporates secure-by-design and -default principles to emphasize the need for software manufacturers to boost the cybersecurity posture of their products before they are deployed to customers.
Recommendations include activating Domain-based Message Authentication, Reporting and Conformance to reject potentially malicious incoming emails, regularly monitoring internal mail and messaging and installing free security tools such as OpenDNS Home.
