A company has noticed multiple instances of proprietary information on public websites.
It has also observed an increase in the number of email messages sent to random employees containing malicious links and PDFs.
Which of the following changes should the company make to reduce the risks associated with phishing attacks? (Choose two.)
A. B. C. D. E. F.
Answer: CE.
The two changes that the company should make to reduce the risks associated with phishing attacks are:
Block access to personal email on corporate systems: By blocking access to personal email on corporate systems, the company can limit the attack surface for phishing attacks. Phishing attacks often use email as the attack vector, and by preventing access to personal email, the company can limit the number of potential targets.
Review access violation on the file server: The fact that proprietary information is appearing on public websites suggests that the company's file server may have been compromised. By reviewing access violations on the file server, the company can identify potential unauthorized access and take steps to secure the server.
Let's take a look at the other options:
A. Install an additional firewall: While adding another firewall can increase security, it may not directly address the issue of phishing attacks.
B. Implement a redundant email server: Redundancy in email servers may improve the availability of email services, but it may not directly address the issue of phishing attacks.
D. Update the X.509 certificates on the corporate email server: Updating the X.509 certificates on the corporate email server may improve the security of the email system, but it may not directly address the issue of phishing attacks.
E. Update corporate policy to prohibit access to social media websites: Prohibiting access to social media websites may limit the attack surface, but it may not directly address the issue of phishing attacks.
F. Review access violation on the file server: This is a duplicate of the second option and is a valid action to take.
In summary, the two changes that the company should make to reduce the risks associated with phishing attacks are to block access to personal email on corporate systems and to review access violations on the file server.