Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity Education & Training

How to help employees spot and avoid phishing attacks

By Shena Tharnish
employees working at a table

Image via Unsplash

January 3, 2023

In the past few years, numerous cyberattacks and data breaches have impacted many of America's largest companies and their end-users. In many of these cases, millions of sensitive files, including credit card numbers, passwords, and other confidential customer data, were compromised all because an employee clicked on a phishing link.

Phishing is one of the most common forms of cybercrime and one of the biggest threats to organizations today - and they're on the rise. These attacks, which prey on the fear, trust and curiosity of everyday users, can take on many forms, whether it be impersonating a coworker, an urgent request from a bank, or even a fake audit notification.

Remote workers are especially vulnerable to phishing attacks, where a small percentage of end-user traffic is protected by corporate firewalls. With more and more work happening outside of corporate campuses, here are a few tips to protect organizations from phishing attacks:

Educate users on how to spot phishing

Raising user awareness of cyber dangers must be a priority for all businesses, especially when it comes to mitigating phishing attacks. That’s because attackers who use phishing are skilled in tricking users into clicking links leading to compromised websites designed to appear legitimate.

Also, these attackers don’t just target large enterprises. Recent reporting shows companies with less than 100 employees are three times more likely to be the target of a cyberattack — yet, they often lack sufficient cybersecurity measures and resources to manage their risk.

Training employees to identify and avoid suspicious emails, scrutinize senders, and always verify the authenticity of urgent requests for sensitive or confidential information are a must to prevent phishing attacks. This includes training employees to check for slight variations in spelling or format in the domain name and find alternate methods to verify suspicious emails (not by hitting reply).

For example, hackers’ URLs may only differentiate from the verified URL by one letter or number, meaning employees must do their due diligence when confirming senders. If something feels a bit “off,” or doesn’t seem quite right, encourage employees to follow their instincts and find a safe way to verify the email.

Enact common-sense policies to support user education

A wide range of phishing campaigns enabling ransomware, offering fake prizes, demanding unnecessary payments, stealing credentials and more have been identified across the threat landscape — yet attackers show no signs of letting up.

The reality is that technology alone cannot guarantee the security of a company’s data, so common-sense policies must support user education. If an organization trains users and does nothing to enforce security rules, chances are users will fall back on bad habits that can lead to a phishing attack, costing the company time, money and its reputation.

The same goes for hybrid work policies. Employees should keep work and personal activities separate. Using company email accounts exclusively for work-related purposes and company-issued devices when conducting work can help minimize the chance of phishing attacks. Additionally, organizations should only grant employees access to those systems they need to do their jobs.

Set a strategy and stick to it

End-users are often the weak points that enable cybersecurity attacks, but educating employees is only part of the battle because security is not static and needs to evolve with the company. With attackers constantly changing and refining their tactics to trick users, companies must have a solid technology-backed cybersecurity strategy and provide cybersecurity training to mitigate and prevent phishing attacks, which are becoming harder to spot.

Whether it’s costly malware, ransomware, bots or a phishing attempt, organizations need to implement cybersecurity measures that include endpoint protection programs, firewalls and network security solutions that proactively help protect all devices connected to their network.

KEYWORDS: cyber security education data breach employee risk phishing ransomware security training

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Shena tharnish

Shena Seneca Tharnish is VP of Cybersecurity and Practices for Comcast Business Services. She joined after serving as SVP, Enterprise Network Infrastructure at PNC Bank for five years in Pittsburgh, PA, and as a senior leader at The Home Depot, Inc. for twelve years in Atlanta, GA. Shena has over 24 years of experience in Information Technology – leading and managing network engineering and application development services.  Prior to joining The Home Depot, Tharnish worked as a network consultant with carriers MCI WorldCom and Concert Communications (BT/AT&T), designing wide area networks for businesses. 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC1019-career-Feat-slide1_900px

    As Cyber Attacks Become More Prevalent, Here’s Why Your Small Business is at Risk

    See More
  • remote-enews

    Four ways to stop cybercriminals from capitalizing on your remote workers

    See More
  • convergence freepik

    Four ways SMBs can protect themselves from cybersecurity threats

    See More

Events

View AllSubmit An Event
  • November 17, 2025

    SECURITY 500 Conference

    This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing