2. Take Better Control of Third-Party App Permissions and Approvals
Even when MFA and identity management tools are in place, some users can still accidentally grant malicious cloud apps access to convincing cyber phishers.
The only way to completely shut down consent phishing attacks is to prevent users from granting access to third-party apps altogether. To maintain employee productivity, IT admins should instead approve all new app requests from end users and preapprove widely used apps from trusted publishers.
3. Universities Can Make the Most of Cybersecurity with Audits
All institutions should hire outside cyber experts to perform annual audits. Auditors test for security policies, best practices, documentation and compliance in central and remote IT systems and devices. They assess the security of your software, firewalls, third-party vendors, apps and the IT app approval process.
4. Reduce Consent Phishing by Immediately Notifying Parties
Finally, whenever a user reports a suspicious email that looks like it is coming from a legitimate party, IT teams should notify that party. IT can also consider hardening security around email systems with software that checks for spam and blocks access to known malicious websites and apps.
UP NEXT: How multichannel phishing extends to threats beyond email.