THE PLACE OF SOCIAL ENGINEERING IN THE PROBLEM OF DATA LEAKS AND ORGANIZATIONAL ASPECTS OF CORPORATE ENVIRONMENT PROTECTION AGAINST FISHING E-MAIL ATTACKS

Abstract

As the number and percentage of phishing attacks on company employees and regular users have tended to increase rapidly over the last two years, it is necessary to cover the issue of protection against this type of social engineering attacks. Throughout the pandemic, intruders are finding more and more new ways to cheat, so even experienced Internet users can become a victim to their scams. Due to the fact that e-mail is used in almost all companies, most fishing attacks use e-mail to send malicious messages. The article discusses the main methods used by attackers to conduct phishing attacks using e-mail, signs that the user has become a victim to social engineers, and provides recommendations how to increase the resilience of the corporate environment to such attacks using organizational methods. Because the user is the target of phishing attacks, and the tools built into the browser and email clients in most cases do not provide reliable protection against phishing, it is the user who poses the greatest danger to the company, because he, having become a victim of a fishing attack, can cause significant damage to the company due to his lack of competence and experience. That is why it is necessary to conduct training and periodic testing of personnel to provide resistance to targeted phishing attacks. Company employees should be familiar with the signs of phishing, examples of such attacks, the principles of working with corporate data and their responsibility. The company's management must create and communicate to the staff regulations and instructions that describe storage, processing, dissemination and transfer processes of information to third parties. Employees should also report suspicious emails, messages, calls, or people who have tried to find out valuable information to the company's security service. Raising general awareness through hands-on training will reduce the number of information security incidents caused by phishing attacks.