As cybersecurity professionals, we work each day to protect against a wide variety of threats. Attackers probe our firewalls with port scans, search out application security flaws and wage other exotic attacks against our systems. While those threats are real, the controls we use to address them don’t touch the No. 1 threat that affects organizations on a daily basis: phishing.

Phishing attacks are nothing new. They’ve certainly increased in sophistication over the past 20 years, but attackers have consistently used them to gain access to systems and information over the years for one good reason: They too often work. Let’s look at three security controls that organizations can put in place today to reduce their risk of falling victim to a phishing attack.

The decennial U.S. census is about to begin. The work of the census provides crucial information for government agencies, academic researchers and private businesses, but it also opens the door for cybercriminals seeking to exploit the widespread publicity around the census to conduct malicious attacks. We will inevitably witness social engineering attacks from individuals pretending to be associated with the census asking for Social Security numbers, passwords and other sensitive personally identifiable information.

Organizations need to prepare themselves for these inevitable attacks and ensure that their employees don’t fall for scams that accidentally compromise sensitive information.

Cybersecurity — one word that can inspire many different tactical approaches depending on its definition. If you feel overwhelmed by the idea of defining cybersecurity and developing a plan for its inclusion within your environment, then you’re not alone. Many organizations have started down the path of addressing exposure points, defining red and blue teams,…

I recently spent time speaking with IT leaders at CDW’s Protect SummIT in Philadelphia and heard a common theme: Organizations across the U.S. are incredibly concerned about the threat posed by social engineering attacks. All too often, leaders I speak with tell me that their organizations had recently fallen victim to phishing attacks that requested…

What’s the current state of multifactor authentication in your organization? If you’re like many of my customers, you might think that MFA is old hat — a problem solved years ago that now just requires a little routine maintenance. If that sounds familiar, it’s probably time for you to re-evaluate the role that MFA plays…

Earlier this year, the CFO of a company I work with opened an urgent email from his boss, the CEO, who we’ll call Sally. The CEO was out on the golf course and forwarded a vendor inquiry to the CFO, who we’ll call Harry. In the message, the vendor asked Sally when it would receive…