Small Business Phishing Attacks Checklist
Staff should only have basic email privileges so the lowest level rights needed to perform their job.
Administrator accounts have many more access rights if unauthorised access is achieved can be far more damaging than basic user account.
Think about your usual working procedures and how you can help make common tricks less likely to succeed.
Examples: Unusual requests / Invoices, Impersonating banks
Report Suspicious Emails
Attackers use publicly available information to make their phishing messages more convincing.
This can be from your website or social media accounts.