The National Cyber Security Centre (NCSC) has issued new guidance on how to defend your business against a phishing attack.
Phishing describes a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link. Phishing can be conducted via a text message, social media, or by phone, but these days most people use the term ‘phishing’ to describe attacks that arrive by email. Phishing emails can hit an organisation of any size and type. Aside from the theft of information, attacks can install malware (such as ransomware), sabotage your systems, or steal money through fraud.
The guidance is aimed at technology, operations or security staff responsible for designing and implementing defences within for medium to large organisations. It outlines a multi-layered approach that can improve your resilience against phishing, while minimising disruption to user productivity.