New Guidance This Week from FTC on Best Practices Against Phishing

By Zuzana S. Ikels

On March 6, 2017, the Federal Trade Commission (FTC) issued new guidelines for businesses as to how to deter and reduce the risk of phishing attacks. The recommendations should be shared and discussed with your company’s Information Technology (IT) department to make sure that the email servers and systems have the requisite safeguards. Compliance with these standards will reduce risk and is one way of showing that the company is making a prudent and reasonable effort to protect personal information. 
 
The FTC’s guidelines focus on implementing proper email authentication technology, including: (a)  installing a Sender Policy Framework (SPF), which requires the business to designate the IP addresses it uses to send emails, (b) DomainKeys Identified Mail (DKIM), which authenticates the source and integrity of messages, and (c) Domain Message Authentication Reporting and Conformance (DMARC), which monitors and excludes unauthenticated email sources. The FTC also advises businesses to make sure that the software has the strongest available setting, which blocks the delivery of unauthenticated messages and scans attachments for sensitive PII. 
 
To read the entire report, click here.