Jump to content
OpenSecurity.global

Danny tolnay

Members
  • Content Count

    2
  • Joined

  • Last visited

  • Invited by

    Paul Barton

Community Reputation

2 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Great points, thanks! We largely do all of the same things that you mentioned as well. I don't currently add the hashes to our EDR, but I really like that idea and I'll start implementing it as well. I try not to ask too many questions of the user unless the situation truly calls for it, mostly because I want them to see us as extremely approachable. I'm curious about your gold star people, do you do anything besides track them? Do you take any actions on the metrics? For instance, i'm considering implementing a '3 strikes' rule, where we'll then place them in a 'restricted internet' group, which would tie their internet usage to more business critical usage while restricting more leisurely types of sites.
  2. Assuming you encourage your users to report suspected phish, how do you handle it after they report? Some of the things I do... Determine whether it is truly a phish, or spam, or legit business use. If phish, block email address at global perimeter and thank user for reporting. If spam, let user know that although unsolicited (assuming this since they reported it in the first place), the email appears to be a legit service/offering. I then attach a doc which shows them how to block the address in their personal quarantine, if they wish. I prefer this method rather than encouraging them to use the unsubscribe option in the email itself, due to the potential of that being the point of the attack. I always thank the user for submitting/reporting in any case, to build a healthy relationship between security/users. Sure, this leads to a select few users being 'report-happy', but so far it is manageable, and preferred. Curious what others are doing. Also, outside of the perimeter services/heuristics, is anyone using anything like PhishTank? https://www.phishtank.com
×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy