{"id":6231,"date":"2025-08-15T12:29:31","date_gmt":"2025-08-15T11:29:31","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/\/\/how-to-protect-against-phishing-7-tips-for-protecting-your-organisation\/"},"modified":"2025-12-15T16:16:07","modified_gmt":"2025-12-15T16:16:07","slug":"how-to-protect-against-phishing-7-tips-for-protecting-your-organisation","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/cyber-essentials\/insights\/how-to-protect-against-phishing-7-tips-for-protecting-your-organisation\/","title":{"rendered":"Reduce Phishing Attacks Within Your Organisation: 7 Top Tips"},"content":{"rendered":"

When people think of cyber security, they tend to think of hacking, but phishing is potentially a far greater threat. That\u2019s because, rather than attempting to hack past security structures, phishers instead focus on a far easier target: tricking members of your organisation into letting them in. Find out more about phishing and how to protect your organisation from this kind of attack.<\/em><\/p>\r\n

\u00a0<\/h2>\r\n

What Is Phishing?<\/h2>\r\n

Phishing is an attempt to trick someone into taking an action that makes it possible to steal sensitive information from them.<\/p>\r\n

Phishing usually takes the form of an email that pretends to be from someone the recipient might trust. This email will encourage the user to share their information, such as directing them to enter their login details on a fraudulent webpage that looks like it belongs to a company the user trusts.<\/p>\r\n

Phishing is just one tool amongst a cyber criminal\u2019s \u201csocial engineering\u201d toolkit, but the use of this tool is on the rise. Tricking one of your employees into divulging their login is easier than trying to hack into your customer database. This means that you need to take steps to protect against phishing attacks as part of your information security processes.<\/p>\r\n

\u00a0<\/h2>\r\n

Phishing Prevention Best Practices<\/h2>\r\n

This isn\u2019t an exhaustive list of measures you can take to prevent your team falling foul of a phishing attack, and there\u2019s no way to guarantee that a phishing attack won\u2019t succeed. Nevertheless, these measures can greatly reduce the risk that a phisher can successfully gain access to the sensitive information held by your organisation.<\/p>\r\n

Implement multi-factor authentication<\/h3>\r\n

Also known as two-factor authentication (2FA), this security feature adds an extra step to a login process by requiring the user to provide extra proof of their identity. This proof can take many forms, from providing a code sent to them via text message to inserting a physical security key into their device.<\/p>\r\n

This extra layer of authentication means that a phishing attack that successfully gains access to an employee\u2019s login details still can\u2019t access your files unless they also have access to the second method of authentication.<\/p>\r\n

Update devices regularly<\/h3>\r\n

Some phishing attacks make use of security flaws discovered in the software running on your device. Software developers issue regular updates to fix these flaws, so make sure that your organisation regularly updates its devices to keep them as protected as possible.<\/p>\r\n

Of course, there is concern about maintaining compatibility with other software, so you might not want to install updates as soon as they are available. Part of your risk analyses will account for the risk to your business should a piece of software stop working versus the risk of security vulnerabilities. You may decide to examine the details of each update as they are made available and install them as and when it is appropriate.<\/p>\r\n

Draw a clear line between personal and business devices<\/h3>\r\n

Some of your employees may access their work email on their personal devices. While this might seem convenient and cost-effective, a compromised personal device could help a phisher gain access to your organisation\u2019s information.<\/p>\r\n

It is best practice to issue employees with dedicated equipment for their work. If this is not practical, ensure that your employees are following your organisation\u2019s information security processes even when using their personal devices. If they are not, you may need to consider restricting remote access while they are on such devices.<\/p>\r\n

Don\u2019t click links in emails<\/h3>\r\n

While most of us think of the foreign prince trying to move money out of his country when we think of phishing emails, the truth is that these kinds of attacks have become much more sophisticated. Many phishing emails are indistinguishable from the real thing, copying the design, layout, even the language used by a company in an attempt to get you to visit their fraudulent site.<\/p>\r\n

The safest course of action is to avoid clicking links in any emails. Type the company\u2019s URL into your Internet browser manually or finding for them via a search engine. If the message is legitimate, you will often be able to find the page by navigating to it via the website\u2019s homepage.<\/p>\r\n

Watch out for these warning signs<\/h3>\r\n

Most phishing attacks will attempt to elicit an emotional response that overrides your rational reaction. If you receive an unexpected email that you find alarming, frightening, or exciting, pause and look past the messages for these warning signs.<\/p>\r\n