The IT security team of a mid-sized organization has recorded several recent incidents in which employees receive convincing emails that install malware after the embedded links are clicked. Which of the following is the BEST method to mitigate this threat in the future?
Deploying anti-malware software on all devices
Enforcing strict password policies
Implementing email filtering to block malicious messages
Educating users on how to identify and report phishing emails
Educating users on how to identify and report phishing emails directly addresses the social-engineering tactics leveraged in malicious messages. User awareness training reduces the likelihood that an employee will click a suspicious link, closing the primary attack path. Although email filtering and endpoint anti-malware controls can lower the volume of malicious emails or detect malware after execution, determined attackers can still bypass these technical defenses. Strict password policies do not affect a user's decision to click a link.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is phishing and why is it a common attack method?
Open an interactive chat with Bash
How can email filtering help prevent phishing attacks?
Open an interactive chat with Bash
What are best practices to identify phishing emails?