12 Tips of Phishmas

It’s phishmas time again! Here are our top 12 tips to get you through the phishmas season (and beyond).

The costs and risks posed by ransomware refuse to die down.

In fact, they are not only increasing in number and severity but also spreading through to smaller businesses.

From the technical monitoring of managed detection and response (MDR) to human-focused security awareness training, there are many ways SMBs can find cost-effective solutions.

Our advice for SMBs is to ensure that everyone in the business is doing all they can to reduce the risk of a ransomware attack.

  • Never open an attachment from an unknown sender.
    And be careful of links too: the vast majority of global malware arrives via email.
  • Don’t plug in an unknown USB device.
    Such devices may contain malware that will quickly spread through your company’s network.
  • Get into the habit of using ‘challenging’ passwords that are updated regularly.
    This means that any password that is leaked in a breach (not necessarily from your own business) is less likely to pose a security risk.
  • Update the system.
    Many vulnerabilities appear when applications (particularly third-party applications) are out of date and no longer ‘patched’ against the vulnerabilities that can cause security breaches.

Phishing is as prevalent as ever; it’s one of the most common cyber threats we face today.

Would you know how to spot a phishing attempt?

Check out our infographic with tips on how to spot a phishing attempt.

Empowered with the right cybersecurity awareness knowledge, your staff can be your greatest asset, alerting you to threats in real-time as they happen and providing valuable feedback on whether your online security processes and procedures are effective and workable alongside the needs of their job.

  • Comprehensive training with real-world examples that reduce the likelihood of cyber attacks succeeding.
  • Bring the training to life using real-world stories from our trainers’ own experiences as ethical hackers.
  • Follow up training and testing through a cloud eLearning platform.

Find out more about security awareness training

All businesses are custodians of highly sensitive information, and therefore an inviting target for hackers. There remains a major liability threat, financial cost and risk of lasting damage to your brand should you take this responsibility lightly.

Download our paper: Under attack and Under your radar. Cyber Security threats to your business, brand and reputation.


For IT teams, monitoring, detecting and responding to phishing emails raised by end users is a time-consuming and resource-management-heavy task.

Give you and your team time back!

Outsource your suspicious emails to the experts with our suspicious email analysis service.

Suspected phishing emails will be quickly assessed by one of our cyber security analysts, who know exactly what to look for, leaving you free to take immediate action on the real threats to prevent security breaches or a network compromise.

Find out more about suspicious email analysis

Pressure on IT teams in 2020 has been immense. We have new ways of working and increased security risks, and at the centre is the overstretched IT department.

  • The risk of endpoint penetration has multiplied enormously as access points to the network multiply.
  • IT teams cannot provide the investment in resources, technology or people that are needed to maintain the prevention, rapid detection and immediate response to increasingly sophisticated and diffuse attacks.

That is why many businesses are turning to Managed Detection and Response (MDR) services to ensure 24/7 monitoring of their entire, extended network and proactive reduction of risk.

Focus on changing business priorities and budget allocation. It ensures you place security first even as you are being pulled in many other directions.

Find out more about managed detection & response

Password strength is down to length; the traditional numbers and letters are no longer sufficient. Watch our head of Cyber Awareness and ethical hacker, Rob Shapland, discuss his tips for password security.

  • Set a long passphrase that you can remember
  • Use different passphrases for sites containing sensitive data
  • Enable 2-factor authentication

If you have an open profile, say on Instagram or Facebook, hackers can find out your birthday or your pet’s name and build up enough of a profile to control your bank account or even your mobile phone.

Before posting think – what can be used against you?

Watch our webinar ‘Tales from an ethical hacker’, in which our head of professional services and ethical hacker walks you through a real-world simulated attack using social engineering, phishing and physical intrusion into a building.

Find out more about Red Teaming

Detection in depth is achieved by leveraging multiple protective and analytical capabilities to provide a multi-layered defensive security posture.

Check out our brand new animation for lots more information about detection in depth.

Make sure they are as secure as you and your employees are.

Whether that’s cleaners, plant waterers, legal firms or HR companies, whatever data you are sharing with a third party, make sure it’s as secure as if it were on your own network.

Watch our head of cyber awareness, Rob Shapland, discuss third-party contractors and what you should consider from a security perspective.

Are your staff prepared for cyber attacks that are designed to coax sensitive information from them? Ethical phishing is a good way to test your staff’s knowledge before and after security awareness training.

  • Test your organisation’s defences.
  • Identify potential data leaks.
  • Highlight weaknesses in human behaviour.

Find out more about our ethical phishing services

Have a great (and secure!) Phishmas
from all of us at Falanx Cyber

Don’t forget to follow us @falanxcyber!