On 11/13/23 12:29 PM, Mel Beckman wrote:
We use KnowBe4.com's user training. That's really the only way you can
fight this, since its a human problem, not a technical one. These guys
provide fully automated, AI based (well, who knows what that means)
simulated phishing attacks, largely to give users real-world practical
experience detecting and fending off attacks. You get a report card on
each users to, so you know where the weaknesses are in your staff
knowledge. Their training regimen includes some pretty good
self-guided instructional videos.
DMARC, SPF, digitally-signed emails, encryption, none of that matters
if a user can be tricked into letting the crooks in the front door.
I think that both are needed, to be honest. The signatures can be a tool
in the user's arsenal but if they are clueless and gullible there isn't
much you can do about that.
Mike
