Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website. Below are ways to mitigate against phishing attacks.

1. Use domain settings and anti-spoofing controls such as DMARC, SPF, DKIM to reduce emails being spoofed.
2. Set up spam and email filters to block phishing emails.
3. Protect from malware using up-to-date anti-malware software.
4. Ensure limited administrator accounts are on a need-only basis which are not used to check email or browse the web.
5. Set up Two Factor Authentication (2FA) and remove/suspend any accounts no longer in use.
6. Implement a robust password policy.
7. Keep monitoring tools up to date.