Social Defense

You’ll want to provide training for the people in your organization so they develop a healthy level of skepticism toward incoming email. You can put the training together yourself or hire an outside firm. Your best defense is vigilant colleagues. Most phishing attacks cast a wide net, so raising the odds that even one recipient notices the deception lets you respond and get the word out sooner. We’ll cover phishing responses later in this chapter.

Here are the basic points you’ll want to emphasize in your anti-phishing training.

  • Don’t embarrass your colleagues.
  • Be extra skeptical about emails with urgent deadlines.
  • Be suspicious of strange-looking domains in links and email addresses.
  • Be skeptical about attachments.
  • Consider ...
