Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >Five key steps to defend your organisation from harmful phishing attacks
    Technology

    Five Key Steps to Defend Your Organisation From Harmful Phishing Attacks

    Published by Jessica Weisman-Pitts

    Posted on August 18, 2022

    5 min read

    Last updated: February 4, 2026

    Add as preferred source on Google
    An alert message displayed on a computer screen emphasizes the importance of defending against phishing attacks. This image relates to the article's focus on protecting organizations from cyber threats and enhancing security measures.
    Warning alert on a computer screen highlighting phishing attacks - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Tags:securitycybersecurityphishingfinancial servicesrisk management

    By Chris Watkins, Head of Security, Ultima

    Some of the worst cybercrimes have taken place because of a tiny flaw. Cybercriminals rely on this flaw in an organisation’s security defences – commonly the employees themselves – to launch their attack. You only need to look at the number and scale of phishing attacks taking place every year. In 2021, 83% of organisations reported experiencing phishing attacks. In 2022, an additional six billion attacks are expected to occur.

    Many phishing defences start and end with employee training to help them spot a phishing email. Empowering employees is certainly a key strategy. But employee education is only a part of the solution. This article will explain how organisations can widen their defences using technical measures as well as reporting processes and plan for attacks to minimise their impact.

    Phishing at its worse

    A phishing attack is where a malicious hacker launches an email-based attack with the objective of obtaining user credentials so that they can gain a foothold within a corporate network and use that foothold to exploit data or demand a ransom. Cybercriminals use deception tactics to encourage users to click on a link which launches malware or makes the user give away details such as usernames, email addresses or better still, passwords.

    Phishing emails are so common because it’s a numbers game; if a phishing campaign circulates to enough users (often in the millions), it increases the chance of success. Such data breaches not only cause loss of company data but lead to loss of revenue from a decline in customer trust and market value.

    Here are five steps to take to bolster the defence of your corporate network that should be combined with effective employee training.

    1. Review how you’re preventing phishing emails reaching you in the first place

    Whether manual or through your cloud-based email provider, ensure that the filtering or blocking service is sufficient for your needs and that it is applied to all users’ accounts.

    A filtering service will send them to a junk folder, whereas a blocking service will prevent the email getting through to the user completely. This is based on the senders IP address, domain name, attachment type or because it’s detected malware.

    1. Think like a hacker

    Often, thinking like a hacker is the best ways to spot one and this involves gaining an understanding of the nature of the threat that phishing poses to your organisation. What would a hacker want from an employee? Which departments are managing processes that are most sensitive (such as product development or finance) and could these processes be mimicked by a hacker?

    1. Make specific processes more resilient

    This involves good cyber hygiene practice. If dealing with many external email requests, try using multi-factor authentication, such as an SMS message or phone call to verify the sender.

    Rather than sending and receiving email attachments, use a different login method or share files through an access-controlled account in the cloud such as Dropbox or Microsoft Teams.

    1. Adopt a zero-tolerance security culture It’s important to be realistic – not everyone can spot a phishing email 100% of the time. Phishing emails have become much more sophisticated in recent years. Zero trust is the mindset of ‘protect everyone, verify everything’. Every user and device accessing a network is a potential threat. A zero-trust policy requires employees to act with a healthy dose of scepticism to everything that lands in their inbox. Such a culture brings the employee into the broader security network, establishing trust between the organisation and employee while increasing resilience.
    2. Encourage transparency and ensure ease of reporting Often, it’s the phishing culture within an organisation that needs to be improved. Far from pointing the finger and assigning blame to an employee, it’s important to foster a culture of awareness, support, and action. If an employee feels that they are going to be reprimanded for not spotting a phishing email or making a mistake, they may not report it promptly, or at all. Implement a process that is easy to follow when an employee believes that a phishing email has made it past the company’s technical defences. Once it’s been reported, make sure that employees know that it will be actioned so that they feel encouraged to repeat the exercise again. Create an environment where employees aren’t afraid to ask out loud for extra support in spotting phishing attacks. 

    Being involved in an organisation’s awareness and reporting culture should all form part of an employee’s wider security hygiene which also includes password management, use of removable media and remote working practices among other things. As an organisation, this should be actively encouraged to ensure that security is maintained.

    In summary

    A combination of education, simulation, transparency and effective security reporting, along with leading-edge security tools are necessary to create a zero-trust organisation. From a technology perspective, this could involve multi-factor authentication, a VPN, encryption for files and updated hardware. Together, they can create a more secure corporate environment for all.

    The reality is that there are always going to be threats that creep into a company’s layers of security. But if an organisation has the necessary security technology, employee education and a strong culture of zero-trust, then identifying and reporting threats becomes innate in everyone.

    Frequently Asked Questions about Five key steps to defend your organisation from harmful phishing attacks

    1What is phishing?

    Phishing is a cyber attack where attackers impersonate legitimate entities to trick individuals into revealing sensitive information, such as usernames and passwords, often through deceptive emails.

    2What is cybersecurity?

    Cybersecurity refers to the practices and technologies designed to protect computers, networks, and data from unauthorized access, attacks, or damage.

    3What is risk management?

    Risk management is the process of identifying, assessing, and controlling threats to an organization's capital and earnings, including financial, operational, and reputational risks.

    4What is employee training in cybersecurity?

    Employee training in cybersecurity involves educating staff about security policies, potential threats, and best practices to prevent cyber attacks and protect sensitive information.

    5What is a zero-trust security model?

    A zero-trust security model is a cybersecurity approach that requires strict identity verification for every person and device attempting to access resources on a network, regardless of whether they are inside or outside the network.

    More from Technology

    Explore more articles in the Technology category

    Image for Nominations Open for Technology Awards 2026
    Nominations Open for Technology Awards 2026
    Image for Nominations Open for Innovation Awards 2026
    Nominations Open for Innovation Awards 2026
    Image for Archie earns industry recognition across G2, Capterra, and SoftwareReviews
    Archie Earns Industry Recognition Across G2, Capterra, and SoftwareReviews
    Image for The Bankaool Transformation: How a Regional Mexican Bank Became a Fintech Disruptor
    The Bankaool Transformation: How a Regional Mexican Bank Became a FinTech Disruptor
    Image for Submit Your Entry Today for Digital Banking Awards 2026
    Submit Your Entry Today for Digital Banking Awards 2026
    Image for Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Image for Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Image for Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Image for Entrepreneurial Discipline in the AI Economy: Insights from Dmytro Lavryniuk
    Entrepreneurial Discipline in the AI Economy: Insights From Dmytro Lavryniuk
    Image for Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Image for Call for Entries: Best Digital Wallet 2026
    Call for Entries: Best Digital Wallet 2026
    Image for Nominations Open for Brand of the Year Technology 2026
    Nominations Open for Brand of the Year Technology 2026
    View All Technology Posts
    Previous Technology PostHow Fintechs Are Shaping the Future of Finance
    Next Technology PostInnovative Information Management: How Financial Services Can Drive Digital Transformation Forward