Skip navigation

How to respond quickly to phishing incidents

Written by: Mettle editorial
4 min read

In this blog on phishing with the National Cyber Security Centre, we offer advice and tips on how to detect potential phishing emails and respond in a planned way.

Cyber security email

Detect incidents quickly

Knowing about an incident sooner rather than later allows you to limit the harm it can cause.

How do I do this?

  • Ensure users know in advance how they can report incidents. Bear in mind that they may be unable to access normal means of communication if their device is compromised.

  • Use a security logging system to pick up on incidents your users are not aware of. To collect this information, you can use monitoring tools built into your off-the-shelf services (such as cloud email security panels), build an in-house team, or outsource to a managed security monitoring service.

  • Smaller organisations that may lack dedicated logging resources may wish to try the NCSC's Logging Made Easy open source project, which provides a practical way to set up basic end-to-end Windows monitoring of your IT estate.

  • Once a monitoring capability has been set up, it needs to be kept up to date to ensure it remains effective. 

Have an incident response plan

Once an incident is discovered, you need to know what to do to prevent any further harm as soon as possible.

How do I do this?

  • Ensure that your organisation knows what to do in the case of different types of incidents. For example, how will you force a password reset if a password is compromised? Who is responsible for removing malware from a device, and how will they do it? For more information, refer to the Incident Management section of 10 Steps to Cyber Security.

  • Incident response plans should be practised before an incident occurs. The best way to do this is through exercising. If you're new to this, the NCSC has created Exercise In A Box, an online tool which helps you to find out how resilient you are to cyberattacks, and where you can practise your response in a safe environment.

linkedIn logo

At Mettle, our aim is to give everyone the financial confidence to work for themselves, and that’s no different with our content. We want to give small business owners, freelancers and sole traders the tips, tricks and industry updates they need to run their businesses. 

You might also like