05 September 2018

5 simple ways you can help your users spot a phishing attack

Written by Mathew Richards

It’s long been touted that humans are the weak link in an organisation’s cyber defences.

There’s a reason phishing attacks are on the rise – it’s the easiest way for hackers to gain access to your systems, so they can do things like install ransomware or steal information. All it takes is for one of your employees to download an attachment or click a link they shouldn’t have, and your beautifully constructed cyber security solution will come crashing down.

But don’t just wait for a user to get tricked so you can blame them and help make the multitude of reports I’ve found online even scarier!

Make it easy for users

There are some simple things you can do to help educate your employees and give them the best chance of recognising an email with malicious intent…

1. Use a visual cue

At ThirdSpace, we include a visual cue on all incoming emails:

This acts as a reminder to our employees to check the message has come from someone they know – especially before following any instructions or opening any attachments.

I do recommend you maintain an exceptions list – i.e. leave the visual cue off known customer and supplier domains. This gives the warnings more impact. When emails do arrive with the banner applied, it prompts users to question the content.

If it’s automatically applied to everything, they’ll start to ignore it. We’ve added client domains to an exceptions list in Exchange Online to remove the warning banner from those we trust.

I’ve also excluded it from being applied to internal mail, which helps me spot if anyone is trying to impersonate one of our users.
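
One way to build the banner described above, assuming it is implemented as an Exchange Online mail flow (transport) rule. This is an added example, not ThirdSpace's own configuration; the rule name, banner text and trusted domains are hypothetical placeholders.

```powershell
# Added example: external-sender banner as an Exchange Online mail flow rule.
# Requires the ExchangeOnlineManagement module and an Exchange admin session.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Hypothetical values: replace with your own rule name, banner and trusted domains.
$ruleName       = 'External sender banner'
$trustedDomains = @('customer.example', 'supplier.example')
$bannerHtml = @'
<table border="0" cellpadding="6" width="100%"
       style="background:#fff4ce;border:1px solid #d9b100">
  <tr><td><b>External email.</b> Check that you know the sender before
  following instructions, clicking links or opening attachments.</td></tr>
</table>
'@

$existing = Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    # Rule already exists: only refresh the exceptions list.
    Set-TransportRule -Identity $ruleName -ExceptIfSenderDomainIs $trustedDomains
} else {
    # NotInOrganization leaves internal mail without the banner, so a message
    # that claims to be from a colleague but carries the banner stands out.
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -ApplyHtmlDisclaimerLocation Prepend `
        -ApplyHtmlDisclaimerText $bannerHtml `
        -ApplyHtmlDisclaimerFallbackAction Wrap `
        -ExceptIfSenderDomainIs $trustedDomains
}

# Confirm what is live.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, FromScope, ExceptIfSenderDomainIs
```

The exception matches the domain in the sender's address, so the trusted list is only as reliable as the spoofing protection in front of it. Keep the list short and review it when customer or supplier relationships change.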


2. Quiz your users

What’s wrong with this email?

One of the simplest ways to educate your users is to craft a phishing message, take a screenshot and share it with them. Explain it’s an example of a phishing attack, but ask them to tell you how they would have known.

This will get them thinking – and as gaps in their knowledge appear, it will give you an opportunity to show them how to check a URL is safe or identify a fake domain name, etc.

3. Run your own campaigns

On the subject of fake domains – consider buying a domain name that looks similar to your own or take advantage of Microsoft Office 365 Phishing Attack Simulator.

According to Microsoft, 75% of all company breaches now start with a phishing attempt. So, whilst it might not sound like the nicest idea to ‘trick’ your employees, there’s a real business case to be made for running a simulated phishing email campaign internally.

With Office 365 Attack Simulator, your job is made easier as it comes with several phishing templates. But, however you choose to run your campaign, make sure it’s not just a one-off – send a few emails, over a series of weeks, and vary the phishing technique with each.

This will help you highlight where people are most susceptible – and who is most susceptible for that matter – so you can focus your education and guidance investments.

4. Make it a part of your testing plans

You’re doing annual penetration testing, right?

And you’re doing it correctly?

Including a phishing exercise as part of your annual penetration testing is a must.

There’s nothing like a real-world test to see who’s vulnerable to phishing and test the technology you have in place.

A good penetration tester will have lots of sneaky ways to try and catch your users out. You can use that data to improve your training and look at any gaps in your technological implementation.

5. Take advantage of Microsoft

Whether it’s visual cues or simulating phishing emails – all my previous tips are enabled or made much easier with Microsoft Office 365.

We talk to so many companies who are paying for licenses but aren’t enabling all the features that are available to them.

Don’t waste resources or take unnecessary risks – configure Exchange Online Protection effectively and switch on features like ATP anti-phishing protection today.

Next, download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.

Or learn more about Microsoft 365 licensing in our blog. Gain answers to the most common questions.


About Mathew Richards

Head of Mobility & Security

As head of our Mobility & Security practice, Mat’s responsibilities include ensuring that our technical knowledge and delivery capability are fully up to speed and current, as well as creating a...

