
Understanding Phishing

Published on 22 December 14

Many types of network security attacks can be stopped solely by the firewall on the edge of the network. Of course, if it were that easy, we wouldn’t hear about so many breaches. Sometimes attacks come from within, when employees click on things they shouldn’t because those things are disguised to look legitimate. These types of attacks are known as phishing, and they are a significant threat because they take your network security out of the equation: it is the human element of the company that will either keep your data safe or make you the lead story in the news.

To defend against the problem, you need to understand how the attack will come. Attacks typically arrive looking legitimate, with some kind of warning that demands immediate action. This could include, but isn’t limited to, warnings from banks, requests for refunds, winning contests, or Nigerian princes trying to get money out of the country. Granted, the last one isn’t quite as common these days, but the other three are, and any request for you to click a link or email sensitive information like a password or account number should be ignored as a potential phishing attack. Typically these attacks come in email form, though they can be seen on standalone webpages from time to time as well.

It’s also important to remember that while most attacks will probably come by email, they can arrive in other forms. Phone calls aren’t out of the question, and in rare cases someone may probe for information in the physical world. Sometimes these attacks are referred to as social engineering, and a typical social engineering attack will focus on information that doesn’t necessarily seem that dangerous to give out, such as a birthday. Usually in these cases another part of the account has already been broken into, and the seemingly irrelevant information is something the group in question requests as the answer to a security question.

To stop these types of attacks, the best defense is a good education plan. Education in this space benefits your employees in the office and at home, as employees will certainly receive these attacks in their personal lives too, with attackers seeking to gain access to bank accounts and other sensitive things they certainly don’t want malicious entities to get into. Education should start with telling employees to click only on links they are familiar with and to open only emails they recognize. Even if the email looks familiar, such as, employees shouldn’t click because Bank of America doesn’t use ‘the’ in their website. Employees should also be cautious about updating their applications, such as OS, internet browsers, and anything else they might use on a day-to-day basis.
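The lookalike-address point above can also be checked mechanically at a mail gateway or in a training exercise. The following is an added example, not code from the original post: it classifies a link's host against a list of trusted domains and flags hosts that merely contain or closely resemble a trusted brand name. The trusted list, the similarity threshold and the sample links are assumptions constructed for illustration, and the "last two labels" rule is a simplification that ignores multi-part suffixes such as co.uk.

```python
import difflib
from urllib.parse import urlsplit

# Assumption: the domains your organisation really deals with.
TRUSTED = {"bankofamerica.com"}


def classify_link(url, trusted=TRUSTED, threshold=0.8):
    """Return 'trusted', 'lookalike' or 'unknown' for the host in a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registered domain: last two labels (no public-suffix list).
    if ".".join(labels[-2:]) in trusted:
        return "trusted"
    for good in trusted:
        brand = good.split(".")[0]
        for label in labels:
            # Flag a label that embeds the brand or is a near-miss spelling.
            close = difflib.SequenceMatcher(None, label, brand).ratio()
            if brand in label or close >= threshold:
                return "lookalike"
    return "unknown"


# Constructed sample links, not taken from real messages.
SAMPLES = [
    "https://www.bankofamerica.com/login",               # genuine domain
    "http://www.thebankofamerica.example/verify",        # extra 'the'
    "https://bankofamerica.com.account-check.example/",  # brand as subdomain
    "https://bankofamerlca.example/",                    # 'l' swapped for 'i'
    "https://intranet.example/wiki",                     # unrelated host
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):9}  {url}")
```

A "lookalike" result is a reason to quarantine or warn, not proof of phishing; an "unknown" result says nothing either way.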

Of course, while phishing is a danger to any organization, it is still important to protect against traditional threats, as those protections at the very least help to stem the number of inbound threats. Using a firewall solution in the business will help to block the IPs of known malicious entities, which will curb the number of phishing attacks that get to the eyes of employees, and there are many types of attacks that can occur aside from phishing. Attacks can even come in through applications your employees might use, so it might be worth considering blocking some of these applications if they don’t have a business use, such as torrent applications.
This blog is listed under IT Security & Architecture Community
