As you probably now, phising is being a great threat to every organization, we receveid a lot of malicious contacts, from email to SMS, or lateley even phone.
In the blog, I’ve been taling about technology and how this technology can help administrators to avoid certain threat, but what about the end users? Can we help them of how to identity phising attempts? Yes, of course, let’s talk about some of them:
First of all, I want to talk about corporate branding, do not think in terms of marketing deparment, think about helping users to identify phising. For example, every tenant has the same identical login page, but doing some customization with:
- organizational logo
- Background image
- Company message
with these easy configurations, we will help users to identify threats
Another thing that I strongly recommend to my customers is to use the Microsoft Report Message Add-In, which allows them to report malicious messages directly to Microsoft.
This addin can be deployed centrally to all users 🙂
Finally, if you have the proper license I strongly encouraged you to run regular phising campaigns inernally. With Microsoft Defender for M365 it is very easy. The main point here it is not to catch users, is to awarn them about the threats of clicking in a email.
That’s all, as you probably know, technical solutions does not prevent all situations that we have everyday, so what it is most important is user awareness which will be the first point of security of your organization.