Cybercriminals are a threat to every organization, and Microsoft Security has published a checklist of nine steps IT professionals can take to protect their companies against phishing attacks.
The first of the nine suggested steps is to require multi-factor authentication (MFA) on all accounts to limit unauthorized access. MFA raises the bar considerably, but one-time codes and push approvals can still be relayed or coaxed out of a user by a real-time phishing page, which is why the checklist returns to phishing-resistant methods in its third step.
Second, for highly privileged accounts, enable Conditional Access so that sign-ins can be blocked from countries, regions and IP ranges from which the organization does not normally expect traffic. Location-based rules narrow the exposure but are not sufficient on their own, since an attacker can route through a proxy or VPN exit in an allowed region; they belong alongside strong authentication requirements, not in place of them.
Third, issue physical security keys (FIDO2 hardware tokens) to anyone involved in payment or purchasing activities and to holders of privileged accounts. Because the key binds the credential to the origin of the legitimate site, the response it produces is useless on a look-alike phishing page, which is what makes this form of MFA phishing-resistant.
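The three identity steps above can be expressed as Conditional Access policies. The following is an added example written for this article, not code from Microsoft's checklist. It assumes the Microsoft.Graph PowerShell module, an administrator session, a hypothetical emergency-access ("break-glass") account ID and that the business operates only in the US and Canada; the role template ID is Global Administrator's, and the authentication strength ID is the built-in "Phishing-resistant MFA" strength, which you can confirm with Get-MgPolicyAuthenticationStrengthPolicy before relying on it. Every policy is created in report-only mode so sign-in logs can be reviewed before anything is enforced.

```powershell
# Added example for steps 1-3 of the checklist; not code from Microsoft's page.
# Assumes the Microsoft.Graph module and a hypothetical break-glass account ID.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

$breakGlassId    = "00000000-0000-0000-0000-00000000beef"   # hypothetical emergency-access account
$globalAdminRole = "62e90394-69f5-4237-9190-012177145e10"   # Global Administrator role template ID

# Step 1: require MFA for every user on every app, excluding only the break-glass account
# (an MFA policy with no exclusion can lock the whole tenant out if the MFA service fails).
$mfaAll = @{
  displayName   = "CA01 - Require MFA for all users"
  state         = "enabledForReportingButNotEnforced"   # report-only first, enforce after review
  conditions    = @{
    clientAppTypes = @("all")
    applications   = @{ includeApplications = @("All") }
    users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
  }
  grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaAll | Out-Null

# Step 2: a named location for the countries the business operates in (assumed US and CA),
# then a policy that blocks privileged-role sign-ins from everywhere else.
$allowed = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
  "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
  displayName                       = "Allowed countries"
  countriesAndRegions               = @("US","CA")
  includeUnknownCountriesAndRegions = $false   # unresolvable origins are treated as outside
}
$geoBlock = @{
  displayName   = "CA02 - Block privileged roles outside allowed countries"
  state         = "enabledForReportingButNotEnforced"
  conditions    = @{
    clientAppTypes = @("all")
    applications   = @{ includeApplications = @("All") }
    users          = @{ includeRoles = @($globalAdminRole); excludeUsers = @($breakGlassId) }
    locations      = @{ includeLocations = @("All"); excludeLocations = @($allowed.Id) }
  }
  grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $geoBlock | Out-Null

# Step 3: privileged roles must satisfy the built-in "Phishing-resistant MFA" strength
# (FIDO2 security key, Windows Hello for Business or certificate-based authentication);
# a TOTP code or push approval no longer satisfies the policy.
$phishResistant = @{
  displayName   = "CA03 - Phishing-resistant MFA for privileged roles"
  state         = "enabledForReportingButNotEnforced"
  conditions    = @{
    clientAppTypes = @("all")
    applications   = @{ includeApplications = @("All") }
    users          = @{ includeRoles = @($globalAdminRole); excludeUsers = @($breakGlassId) }
  }
  grantControls = @{
    operator               = "OR"
    authenticationStrength = @{ id = "00000000-0000-0000-0000-000000000004" }
  }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $phishResistant | Out-Null
```

Once the report-only sign-in logs show no unexpected blocks, switch each policy's state to "enabled". Keep the break-glass account excluded from every policy and protected by a long, vaulted credential that is monitored for use.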
Fourth, use browsers that support a reputation service such as Microsoft SmartScreen. It checks URLs and downloads for suspicious characteristics and blocks access to known malicious websites, adding a layer of protection that does not depend on the mail filter having caught the message.
Fifth, configure Microsoft Defender for Office 365 to quarantine high-confidence phish and to detonate URLs and attachments in a sandbox (the Safe Links and Safe Attachments features) before the message reaches the inbox, rather than scanning after delivery.
Sixth, enable the impersonation and spoofing protection features across your organization, so that mail that imitates your executives or your own domains, or that fails sender authentication, is quarantined rather than delivered.
Seventh, configure email authentication such as DomainKeys Identified Mail (DKIM) for your sending domains so receivers can verify your mail and reject messages that spoof reputable senders. DKIM on its own only signs outbound mail; for unauthenticated mail to be rejected, also publish an SPF record and a DMARC policy (p=reject) that tells receiving systems what to do with messages that fail both checks.
Eighth, audit tenant- and user-created "allow rules" and remove broad domain- and IP-based exceptions. These rules often take precedence over the filtering verdict and can let known malicious emails through, because a domain-wide allow entry applies to anyone able to spoof or compromise a mailbox in that domain.
Finally, Microsoft suggests running phishing simulations regularly to identify, assess and educate the users most likely to fall for such attacks.
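Steps five through eight are all Exchange Online and Defender for Office 365 settings, so they can be applied and audited from one PowerShell session. The following is an added example written for this article, not code from Microsoft's checklist. It assumes the ExchangeOnlineManagement module, Defender for Office 365 licensing for Safe Links and Safe Attachments, and a hypothetical tenant domain contoso.com; the protected user, the partner domain and the DNS record values are placeholders.

```powershell
# Added example for steps 5-8 of the checklist; not code from Microsoft's page.
# Assumes the ExchangeOnlineManagement module and a hypothetical domain contoso.com.
Connect-ExchangeOnline
$domain = "contoso.com"

# Step 5: quarantine high-confidence phish, and detonate links and attachments before
# delivery. A Safe Links / Safe Attachments policy does nothing until a rule scopes it.
Set-HostedContentFilterPolicy -Identity Default -HighConfidencePhishAction Quarantine -PhishSpamAction Quarantine
New-SafeLinksPolicy -Name "Strict Safe Links" -EnableSafeLinksForEmail $true -ScanUrls $true `
  -DeliverMessageAfterScan $true -AllowClickThrough $false -TrackClicks $true | Out-Null
New-SafeLinksRule -Name "Strict Safe Links" -SafeLinksPolicy "Strict Safe Links" -RecipientDomainIs $domain | Out-Null
New-SafeAttachmentPolicy -Name "Strict Safe Attachments" -Enable $true -Action Block | Out-Null
New-SafeAttachmentRule -Name "Strict Safe Attachments" -SafeAttachmentPolicy "Strict Safe Attachments" `
  -RecipientDomainIs $domain | Out-Null

# Step 6: impersonation and spoof protection in the default anti-phishing policy.
# Threshold 3 ("more aggressive"); 4 is the strictest. Protected user is a placeholder.
Set-AntiPhishPolicy -Identity "Office365 AntiPhish Default" `
  -EnableSpoofIntelligence $true -AuthenticationFailAction Quarantine `
  -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true `
  -MailboxIntelligenceProtectionAction Quarantine `
  -EnableTargetedUserProtection $true -TargetedUsersToProtect @("Jane Doe;jane.doe@$domain") `
  -TargetedUserProtectionAction Quarantine `
  -EnableOrganizationDomainsProtection $true -TargetedDomainProtectionAction Quarantine `
  -PhishThresholdLevel 3

# Step 7: DKIM signing for outbound mail. Publish the two CNAMEs this prints at
# selector1._domainkey.<domain> and selector2._domainkey.<domain> before enabling.
$dkim = Get-DkimSigningConfig -Identity $domain -ErrorAction SilentlyContinue
if (-not $dkim) { $dkim = New-DkimSigningConfig -DomainName $domain -Enabled $false }
$dkim | Format-List Selector1CNAME, Selector2CNAME
Set-DkimSigningConfig -Identity $domain -Enabled $true   # errors until the CNAMEs resolve
# DKIM only signs. Whether spoofed mail is rejected is decided by receivers from these
# public DNS records (placeholder values):
#   TXT  contoso.com         "v=spf1 include:spf.protection.outlook.com -all"
#   TXT  _dmarc.contoso.com  "v=DMARC1; p=reject; rua=mailto:dmarc@contoso.com"

# Step 8: list every place an allow entry can override the filter verdict.
Get-HostedContentFilterPolicy | Select-Object Name, AllowedSenders, AllowedSenderDomains
Get-HostedConnectionFilterPolicy | Select-Object Name, IPAllowList
Get-TenantAllowBlockListItems -ListType Sender -Allow
Get-TransportRule | Where-Object { $_.SetSCL -eq -1 } | Select-Object Name, SenderDomainIs, SenderIpRanges
Get-Mailbox -ResultSize Unlimited | Get-MailboxJunkEmailConfiguration |
  Where-Object { $_.TrustedSendersAndDomains } | Select-Object Identity, TrustedSendersAndDomains
# Removing a domain-wide exception (placeholder partner domain):
Set-HostedContentFilterPolicy -Identity Default -AllowedSenderDomains @{Remove="partner.example"}
```

The audit in step 8 deserves a schedule, not a one-off run: mail flow rules that set SCL to -1 and domain-wide entries in AllowedSenderDomains are the two exceptions most often found letting phish past an otherwise well-tuned filter, and users keep adding entries to their own safe-sender lists.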
Read more on tech.hindustantimes.com