How to defend your organisation from email phishing attacks.?
Phishing attacks: defending your organisation contains advice on how organisations can defend themselves against malicious emails that use social engineering techniques. It outlines a multi-layered approach that can improve your resilience against phishing, whilst minimising disruption to user productivity. The mitigations suggested are also useful against other types of cyber attack, and will help your organisation become more resilient overall.
>>>> This guidance is aimed at technology, operations or security staff responsible for designing and implementing defences for medium to large organisations. This includes staff responsible for phishing training.
- >>>> Staff within smaller organisations will also find this guidance useful, but should refer to the NCSC’s Small Business Guide beforehand.
- >>>> This guidance concludes with a real-world example that illustrates how a multi-layered approach prevented a phishing attack from damaging a major financial-sector organisation.
What is phishing?
Phishing describes a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link. Phishing can be conducted via a text message, social media, or by phone, but these days most people use the term ‘phishing’ to describe attacks that arrive by email. Email is an ideal delivery method for phishing attacks as it can reach users directly and hide amongst the huge number of benign emails that busy users receive.