Customize email banners. Generic warnings fade in the background and are easy for attackers to replicate. Instead, make banners highly specific to each given threat and brand with the company logo, which helps users understand what to look for, why it’s a threat and what to do next.
Make banners actionable. Highly targeted attacks are difficult for even the best-trained employee to spot. Take banner customization one step further by including relevant context about the sender, such as a common sender suddenly using a new email address. Make banner warnings actionable by including reminders about business policies. For instance, if an email references financial information, include a note that outlines the wire transfer policy, reminding the employee that all financial transactions require two manager-level signatures.
Preview suspicious links. Users ignore or bypass generic warnings about suspicious URLs, especially if they are checking email on mobile devices. Instead, leverage URL sandboxing to offer a preview of the destination of any links in a message, ideally as part of the warning so that users can see what the destination page looks like and gain the context they need to make better decisions.
Go beyond MFA. Although multifactor authentication improves password-only authentication, it’s cumbersome to implement and disruptive to users. And when breaches reveal personal information, such as phone numbers, MFA becomes increasingly easier to bypass. Consider adding biometric-based technology to validate users based on attributes like unique typing patterns. Authentication technology that analyzes attributes like unique typing patterns has become more accessible. It’s extremely difficult to replicate, and it allows for authentication that integrates seamlessly with employee workflows. This can prevent highly targeted insider attacks that come from legitimate company email addresses that may have been compromised.
Make reporting phish easy. In addition to having integrated phish reporting functionality, also offer a simple stoplight-level analysis of the nuances of any given email, giving employees a way to judge for themselves when emails are suspicious.
Incorporate learnings into policy. When employees act as defenders, the security team benefits from having additional knowledge and immediate awareness of emerging threats. A largescale attack may include a link that appears safe and bypasses defenses that rely on binary evaluation based on known threats. But once inside inboxes, the attackers weaponize the link and users are at risk until the threat gets discovered. If link previews and reporting are in place, employees can identify and report threats. The security team can act quickly on this information and roll out a universal policy that automatically removes those threats from their environment.