SmartAdvice: Customer Education Key Part Of Anti-Phishing Protection - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance
Commentary
7/29/2004
03:50 PM
Commentary
Commentary
Commentary
50%
50%

SmartAdvice: Customer Education Key Part Of Anti-Phishing Protection

Educating customers to safeguard personal information helps prevent phishing thefts and builds loyalty, The Advisory Council says. Also, test to make sure systems are compatible with upcoming Windows XP Service Pack 2 release; and follow code-review practices to make sure your developers write secure code.

Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]


Question A: What can we do to protect our customers from phishing scams masquerading as our Web site?

Our advice: If I were to summarize the response in just two words it would be "customer education." But first ....

What is phishing?
Phishing stands for "password harvesting fishing" and is the luring of sensitive information, such as passwords, Social Security numbers, financial data, account information, etc., from a victim by masquerading as someone trustworthy with a need for such information. The term was coined about 10 years ago by hackers attempting to steal AOL accounts to send out spam. Today, online criminals use phishing for more directly profitable uses, including identity theft, online banking, and online auctions.

Related Links

How Not To Get Hooked By A 'Phishing' Scam

BBB Phishing Phacts

Anti-Phishing Working Group



Why is phishing a problem?
Phishing threatens the very fabric of trust upon which commerce, and Internet commerce in particular, relies every day. Given how easy it is to compromise a user's security simply by posing as a trustworthy company and requesting sensitive information, this raises concerns about the level of trust that users will place on the Internet going forward. However, what's interesting about phishing statistics is that it represents a small percentage of all the "garden variety" identity theft that occurs around us.

What can customers do to protect themselves?
While I'm not going to list everything that the Federal Trade Commission and the Better Business Bureau suggest that consumers should do to protect themselves from phishing, here's the gist of their recommendations:

  • Don't give out personal information in a public place (such as a forum or chat room) or to someone you don't know.


  • If you receive an E-mail or a message requesting your personal information, don't provide it. Instead call, E-mail or visit (online or offline) the business to check with them to see if they are in fact the ones who sent the E-mail or message to you. In all likelihood it wouldn't be them, since such professional companies should never ask for your personal information unless you've initiated communication with them by visiting their Web site or calling their toll-free number.

Why should companies make efforts to protect their customers from phishing scams?

  • Confidence: Companies that go the extra mile to inform, educate, and protect their customers from phishing scams will earn greater levels of trust and confidence and, thereby, more loyal customers.


  • Liability: Although it's an immense inconvenience for the consumer to have his or her identity stolen and to subsequently be compromised financially, U.S. law does protect the consumer. In most cases, the consumer isn't liable for the embezzlement and subsequent damage.


  • Service: It's the responsibility of companies to serve their customers to the fullest extent possible, and this includes informing, educating, and protecting their customers, to the extent possible, from phishing scams.

What can companies do to help protect their customers?
The No. 1 thing that companies can do is to educate their customers. The reason for this is that almost all the actions that need to be taken to protect customers from phishing scams need to be initiated by the customers themselves. These include:

  • Not divulging sensitive data to unidentified people or companies;


  • Installing anti-phishing software on their computers; and


  • Checking with the companies to see if they really require the requested information, etc.

However, rather than simply expecting customers to do the above entirely on their own, the onus falls on companies to regularly inform their customers about the above recommendations, to periodically educate them about the dangers of phishing, and to repeatedly encourage them to adhere to anti-phishing guidelines published by the FTC, the BBB, and the Anti-Phishing Working Group.

-- Sanjay Anand

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Commentary
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Slideshows
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
Slideshows
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll