These three steps are essential to protect yourself against phishing

Criminals often target login details, which can compromise enterprise security

Criminals often target login details, which can compromise enterprise security

Phishing is one of the most popular forms of hacking, and incidents are rising

"Phishing remains one of the most popular forms of hacking," Workday's security product manager Archana Ramamoorthy said recently. Perhaps this shouldn't be a surprise: it is easier to fool a person than a machine.

Ramamoorthy was speaking at Workday Rising Europe, in Barcelona, where she told his audience that "30 per cent of phishing messages and 12 per cent of phishing attachments or links [are] being opened by users."

"But," she added, "there are three common-sense steps to take against phishing attacks and keep users and data safe." These can be summarised as prevention, detection and response.


The best way to protect against phishing is not to be phished in the first place. This can include password managers to generate secure password, and multi-factor authentication (MFA) - even biometrics.

"At-the-door authentication actively encourages behaviour that decreases susceptibility to attack during initial authentication," said Ramamoorthy.

That's only the first phase, though. To continue to strengthen their prevention, enterprises must manage their authentication policies:

"Organisations should understand who their users are, what their roles are and how authentication requirements change across roles. It's important for businesses to understand that policy reviews and updates are critical over time - as security threats evolve and users remain a constant target."

The final layer is called ‘just-in-time' or ‘step-up' authentication, which is required for a short time when a user is accessing highly sensitive information.


When prevention fails, victims must have a plan to detect where and why. Ramamoorthy specifically highlighted unusual login patterns as a giveaway: monitoring IP addresses, usernames and the success or failure of login attempts.

Again, there are multiple phases to detection, and the second is understanding user activity. IT teams, administrators and auditors need to understand how users engage across a system. Context is especially important, and teams must be able to examine specific information around login attempts.

Tiggers for suspicious activity, based on pre-set rules, are also key.

Response and analysis

When an incident has been found, it must be dealt with by containing it and blocking the affected user.

Ideally, organisations should have procedures in place to handle these situations; otherwise they risk an incoherent and/or chaotic response.

Equally important to procedures is a business culture that prioritises security:

"It's...important to create a culture of security, whereby employees are continually given education and training around the tell-tale signs and warning areas around cybersecurity," said Ramamoorthy. "This should involve phishing exercises, with test emails sent to employees to gain an understanding of how many are clicking dubious URLs."

While preventing every attack is unlikely, if not impossible, a proactive approach to detection and response will help to limit their impact.

This is a sponsored post by Workday.

More on Security

Image: Eurovision

Italian police block pro-Russia attacks during Eurovision

The authorities foiled cyberattacks pro-Russian groups Killnet and Legion during the 2022 Eurovision Song Contest in Turin last week.

Tom Allen
clock 16 May 2022 • 3 min read
Jake Davis, former hacktivist

Former Lulzsec and Anonymous hacktivist 'Topiary' discusses his criminal past

The former hacker also recommends cyber security strategies for organisations of all sizes

Stuart Sumner
clock 13 May 2022 • 1 min read
Cyber Security - AI tools ranked

AI in security: who are the top vendors and products?

Computing's research director John Leonard presents findings from the brand's research arm Delta, showing how independently-sourced customers view the AI security products they use every day

Stuart Sumner
clock 12 May 2022 • 1 min read