Privacy is not just about personal information; it’s information that can be business critical. With cyber criminals constantly evolving their tactics, protecting employee and customer data must be a priority. One of the biggest threats to privacy is phishing: deceptive emails or messages designed to trick you into sharing sensitive info. Ever wondered what phishing is, or how to stop phishing emails before they get to your inbox? You’re not alone.
As part of Privacy Awareness Week, we’re sharing five quick wins to strengthen your human firewall, reduce human risk and take control of your data.

1. Run Phishing Tests to Build Awareness
A phishing test, or simulation, is one of the best ways to see how vulnerable your team is to social engineering attacks. These safe phishing simulations can help identify knowledge gaps and instil real-time learning. When people know how phishing works, they’re far less likely to fall for it.
Quick win: Schedule monthly phishing simulations with contextual feedback to keep staff informed.
2. Review What Personal Data Is Shared (and where)
Many phishing attacks use publicly available data (your digital footprint), including names, job titles and even employee photos from LinkedIn or company websites. The more attackers know, the more convincing the scam.
Quick win: Audit your company’s digital footprint and remove unnecessary employee info from public facing pages.
3. Give Employees Just-in-Time Cyber Security Awareness Training
Annual generic training doesn’t cut it. To change behaviour, employees need short, relevant and timely training moments that match real world threats, along with interactive components to really make that learning stick.
Quick win: Deliver bite-sized lessons as part of onboarding, policy updates or following phishing tests to reinforce privacy best practices.
4. Strengthen Email Security Tools and Filters
Technology plays a big part in reducing the risk of phishing emails getting to your users. Spam filters, link scanners and domain-blocking tools are essential but must be configured correctly. What about reported emails? While around 84% of reported emails are safe or ‘grey’ (advertising or mailing lists), the onus is on the IT or security team to manually check them. Having an email triage product can cut that down, which is especially helpful if you are teaching employees to report anything suspicious.
Quick win: Work with IT to review your email filtering rules regularly and block known malicious domains, especially those mimicking trusted services. Even better, get an email triage and security product like Phish Focus to do this for you.
5. Encourage Reporting, Not Blame
One of the best ways to stop phishing emails is to detect and contain them fast, but that only works if employees feel comfortable reporting suspicious emails. Calling people out for ‘falling’ for a scam or clicking a link can lead to shame, and this leads to hiding behaviours, which helps no one.
Quick win: Get all staff to report anything slightly suspicious or phishy. Celebrate early reporting wins to remove fear and encourage participation, even better if it’s followed up by training.
Phishing doesn’t just threaten data, it threatens privacy, trust and safety. By building good habits and a privacy-first culture your organisation can take control of its cyber risk.
Ready to get started? Phriendly Phishing makes it easy with phishing simulation tests, custom learning journeys and tools to stop phishing emails in their tracks.