Phishing attacks are a threat faced by every organization, in part because they are easy and inexpensive to launch, and they are highly successful. If you are unfamiliar with phishing or wonder if your organization is taking the appropriate steps, The National Cyber Security Centre of the United Kingdom has put together an excellent, high-level article that we highly recommend. Although it touches on some technical jargon, it is written at a high enough level that most nontechnical people should be able to follow it. One of the key take-away points is that a phishing defense needs to have multiple layers, as illustrated in the infographic above. Organizations need to be not only training users to improve their ability to spot current threats and phishing attack styles, but also putting in place appropriate policies and procedures to detect when a user has fallen for a phishing attack, responding to the resulting attack, and recovering from it. The article is available in the link below.