Skip navigation

How to respond quickly to phishing incidents

In this blog on phishing with the National Cyber Security Centre, we offer advice and tips on how to detect potential phishing emails and respond in a planned way.

4 min read

Detect incidents quickly

Knowing about an incident sooner rather than later allows you to limit the harm it can cause.

How do I do this?

  • Ensure users know in advance how they can report incidents. Bear in mind that they may be unable to access normal means of communication if their device is compromised.

  • Use a security logging system to pick up on incidents your users are not aware of. To collect this information, you can use monitoring tools built into your off-the-shelf services (such as cloud email security panels), build an in-house team, or outsource to a managed security monitoring service.

  • Smaller organisations that may lack dedicated logging resources may wish to try the NCSC's Logging Made Easy open source project, which provides a practical way to set up basic end-to-end Windows monitoring of your IT estate.

  • Once a monitoring capability has been set up, it needs to be kept up to date to ensure it remains effective. 

Have an incident response plan

Once an incident is discovered, you need to know what to do to prevent any further harm as soon as possible.

How do I do this?

  • Ensure that your organisation knows what to do in the case of different types of incidents. For example, how will you force a password reset if a password is compromised? Who is responsible for removing malware from a device, and how will they do it? For more information, refer to the Incident Management section of 10 Steps to Cyber Security.

  • Incident response plans should be practised before an incident occurs. The best way to do this is through exercising. If you're new to this, the NCSC has created Exercise In A Box, an online tool which helps you to find out how resilient you are to cyberattacks, and where you can practise your response in a safe environment.

You might also like

The Mettle account is an e-money account provided by Prepay Solutions (PPS), a trading name of Prepay Technologies Ltd which is an electronic money institution regulated by the Financial Conduct Authority under the Electronic Money Regulations 2011 (FRN 900010) for the issuing of electronic money. Financial Services Compensation Scheme (FSCS) protection does not apply to electronic money institutions. Mastercard® is a registered trademark, and the circles design is a trademark of Mastercard International Incorporated. Registered office: 250 Bishopsgate, London, United Kingdom EC2M 4AA

Copyright 2022 © Mettle Ventures Limited.

NatWest