Phishing is a form of social engineering whereby threat agents attempt to deceive users or take advantage of a user’s trust, in order to steal sensitive information, or to gain illegal access to credentials, internal networks, systems, databases, or other valuable enterprise assets. The key to an effective enterprise anti-phishing program is maintaining a high degree of staff awareness and training, on a continuous basis.
The NABA-TC Cybersecurity Sub-Committee published NABA Recommendations for Best Practices in an Effective Enterprise Anti-Phishing Program.