These three steps are essential to protect yourself against phishing

clock • 2 min read

Phishing is one of the most popular forms of hacking, and incidents are rising

"Phishing remains one of the most popular forms of hacking," Workday's security product manager Archana Ramamoorthy said recently. Perhaps this shouldn't be a surprise: it is easier to fool a person than a machine.

Ramamoorthy was speaking at Workday Rising Europe, in Barcelona, where she told his audience that "30 per cent of phishing messages and 12 per cent of phishing attachments or links [are] being opened by users."

"But," she added, "there are three common-sense steps to take against phishing attacks and keep users and data safe." These can be summarised as prevention, detection and response.


The best way to protect against phishing is not to be phished in the first place. This can include password managers to generate secure password, and multi-factor authentication (MFA) - even biometrics.

"At-the-door authentication actively encourages behaviour that decreases susceptibility to attack during initial authentication," said Ramamoorthy.

That's only the first phase, though. To continue to strengthen their prevention, enterprises must manage their authentication policies:

"Organisations should understand who their users are, what their roles are and how authentication requirements change across roles. It's important for businesses to understand that policy reviews and updates are critical over time - as security threats evolve and users remain a constant target."

The final layer is called ‘just-in-time' or ‘step-up' authentication, which is required for a short time when a user is accessing highly sensitive information.


When prevention fails, victims must have a plan to detect where and why. Ramamoorthy specifically highlighted unusual login patterns as a giveaway: monitoring IP addresses, usernames and the success or failure of login attempts.

Again, there are multiple phases to detection, and the second is understanding user activity. IT teams, administrators and auditors need to understand how users engage across a system. Context is especially important, and teams must be able to examine specific information around login attempts.

Tiggers for suspicious activity, based on pre-set rules, are also key.

Response and analysis

When an incident has been found, it must be dealt with by containing it and blocking the affected user.

Ideally, organisations should have procedures in place to handle these situations; otherwise they risk an incoherent and/or chaotic response.

Equally important to procedures is a business culture that prioritises security:

"It's...important to create a culture of security, whereby employees are continually given education and training around the tell-tale signs and warning areas around cybersecurity," said Ramamoorthy. "This should involve phishing exercises, with test emails sent to employees to gain an understanding of how many are clicking dubious URLs."

While preventing every attack is unlikely, if not impossible, a proactive approach to detection and response will help to limit their impact.

This is a sponsored post by Workday.

You may also like
ShinyHunters member gets three years for hacking spree


Sebastien Raoult and accomplices were responsible for $6 million+ in financial damage

clock 11 January 2024 • 2 min read
Microsoft warns LinkedIn users of fake skills assessment portals


Those in IT and recruiting roles should watch out for unsolicited messages

clock 13 November 2023 • 2 min read
JumpCloud: A 'state-sponsored threat actor' compromised our systems


Firm says the threat actor was 'sophisticated' and 'persistent'

clock 18 July 2023 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security Technology

UK's biometrics commissioners steps down, signalling missteps

UK's biometrics commissioners steps down, signalling missteps

Home Office is ignoring new technologies

Muskan Arora
clock 31 January 2024 • 4 min read
Endpoint is the path of least resistance, says Threatlocker

Endpoint is the path of least resistance, says Threatlocker

IT Leaders Summit debates the true purpose of endpoint security.

Penny Horwood
clock 05 October 2023 • 2 min read
GitHub announces passwordless authentication trial

GitHub announces passwordless authentication trial

The trial can be considered a milestone in the long demise of passwords

Penny Horwood
clock 13 July 2023 • 2 min read