Phishing & social engineering

Can your staff spot a phishing email when it matters?

Phishing is the most common way attackers get into SMEs.

Questions to ask yourself

Do staff know how to spot a suspicious email?
Is there a one-click way for them to report one?
Do we use technical email filtering?
Do we run phishing simulations?
If someone falls for one, are they comfortable telling you?

What you can do today

Make reporting easy, then practise

Three actions.

01Add the Microsoft 365 or Google Report Phishing button to staff inboxes.
02Forward suspicious emails to report@phishing.gov.uk.
03Run one phishing simulation a quarter. Use it to train, not blame.

« Previous All topics Next →