Organizations can protect their people and information assets from phishing attempts by following these best practices:
Implement email security software to block known malicious domains and antivirus software to scan all emails and attachments.
Use training and phishing simulations to give employees a safe space to test their phishing knowledge.
Ensure that users always use strong passwords and multi-factor authentication (MFA) to secure their accounts and devices.
Discourage users from sharing or reusing passwords to minimize the possibility of credential compromise. A password reused across services lets one compromised account be turned into credential stuffing against the others, so these steps limit the follow-on attacks and breaches that a single compromise can cause.
Encourage users to use a password manager to securely store their passwords.
Discourage users from opening emails and attachments from unknown or suspicious senders.
Educate users on the “red flags” that signal a phishing attempt.
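The first and last items above (blocking known malicious domains, and recognising sender-level red flags) can be partly automated at the mail gateway. The following is an added example written for this page, not code from the original text or from any product it mentions: it inspects the From and Reply-To headers of a message and returns a list of red-flag labels. The blocklist, the trusted-domain list, the flag names and the sample headers are all constructed for the example; the heuristics (blocklisted sender domain, a display name that embeds a different address, a Reply-To on another domain, and a lookalike of a trusted domain within edit distance two) are my own choices, not a list taken from the page.

```python
import re
from email.utils import parseaddr

# Constructed for this example: a gateway blocklist of known-bad sender
# domains and the organisation's own trusted domains (assumptions).
BLOCKLIST = {"malicious-example.test"}
TRUSTED_DOMAINS = {"example.com"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def assess_sender(headers: dict, blocklist=BLOCKLIST, trusted=TRUSTED_DOMAINS) -> list:
    """Return the red-flag labels raised by a message's sender headers.

    `headers` is a plain dict of header name -> value (constructed input).
    """
    flags = []
    from_header = headers.get("From", "")
    display_name, _ = parseaddr(from_header)
    from_domain = domain_of(from_header)

    # Red flag 1: sender domain is on the known-malicious blocklist.
    if from_domain in blocklist:
        flags.append("blocklisted_domain")

    # Red flag 2: display name shows an address whose domain differs from
    # the real envelope address (classic display-name spoofing).
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != from_domain:
        flags.append("display_name_address_mismatch")

    # Red flag 3: replies are steered to a different domain than the sender's.
    reply_domain = domain_of(headers.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        flags.append("reply_to_mismatch")

    # Red flag 4: sender domain is a near-miss of a trusted domain.
    if from_domain and from_domain not in trusted:
        for trusted_domain in trusted:
            if 0 < _edit_distance(from_domain, trusted_domain) <= 2:
                flags.append("lookalike_domain")
                break
    return flags


# Constructed sample headers (not real messages) covering each heuristic.
SAMPLE_HEADERS = [
    {"From": "IT Helpdesk <helpdesk@examp1e.com>", "Reply-To": "helpdesk@examp1e.com"},
    {"From": '"support@example.com" <alerts@malicious-example.test>'},
    {"From": "Jane Doe <jane@example.com>", "Reply-To": "jane@example.com"},
    {"From": "Payroll <payroll@example.com>", "Reply-To": "payroll-update@mail-forward.test"},
]

if __name__ == "__main__":
    for sample in SAMPLE_HEADERS:
        print(sample["From"], "->", assess_sender(sample) or "no flags")
```

Flags of this kind are a triage signal rather than a verdict: in practice they would feed a quarantine or banner decision alongside SPF/DKIM/DMARC results, and the same heuristics double as talking points for the user training the list recommends.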