Bogdan Prusov, Head of the IT Department

[tanjimajuha20]

oman Alabin recommended paying attention to the sender's address - usually phishing mailings come from free mail services: "The letter may contain errors, typos, grammatical constructions that are strange for official letters, etc. Sometimes a phishing letter can be very similar to the real thing, so it is important not to make hasty decisions and, at the slightest suspicion, contact the information security service (IS)."

at Makves Group LLC, noted saudi arabia whatsapp resource the importance of employees understanding the existing threats: "Within the company, we pay special attention to this and send out regular mailings with reminders about possible phishing attacks and malicious software (SW). Such mailings contain a detailed description of the attackers' scheme of action and advice on ensuring the security of our employees' accounts and data. Educational events and raising employee awareness play a key role in ensuring the information security of our company."

Deputy CEO of Staffcop (Atom Security, part of SKB Kontur Group) Daniil Borislavsky noted that it is necessary to follow simple rules of cyber hygiene: "Be careful when receiving letters from unknown senders, do not open attachments from unknown addresses, especially executable files - these are with the extension "*.bat", "*.exe", "*.com". If the letter seems too suspicious, forward it to the IT or information security department for verification. Modern monitoring systems help to find those who violated the rules of information security and accidentally caused an incident."

Kai Mikhailov, Head of the Information Security Department at Infozashchita JSC, believes that spam recognition systems are powerless in the case of correspondence on behalf of counterparties, since formally the correspondence does not violate any technical rules and is sent from a legitimate mailbox, but an encrypted attachment should arouse suspicion in any case. "We recommend setting up blocking of encrypted email attachments on corporate mail systems. If there is a need to send sensitive content, it is better to use special information exchange systems, there is no need to use mail for this," Kai Mikhailov noted.