At Vigilant Sec, we see every day how small businesses are facing increasingly sophisticated phishing attacks.
Phishing may be a familiar term, but it’s still one of the most common ways attackers breach small businesses. Stolen credentials often lead to lost data, account takeovers, and even ransomware.
Common sense alone can’t stop every attack. That’s why Vigilant Sec encourages every business to adopt layered defenses against phishing. When we protect customer environments, we start from one assumption: your users’ passwords will be stolen.

Some phishing emails hide their malicious links in QR codes; the QR code evades link detection, and scanning it moves the user onto a mobile device, where the phishing page is opened.
Common Strategies: Benefits and Challenges

| Common Strategy | Benefit | Challenges |
|---|---|---|
| Multi-Factor Authentication (MFA) | Requires users to verify their identity with an additional method beyond a password to ensure it’s really them | |
| Password Managers | Reduce password reuse and avoid already-stolen credentials | |
| Conditional Access Policies [M365] | Reduce password reuse and avoid already-stolen credentials | |
| Spam Detection (Exchange & Gmail) | Blocks some phishing emails before they reach users | |
| Email Scanning Products | Enhance Microsoft or Google filtering with additional scanning | |

Phishing Prevention = Identity Protection
A strong defense against phishing combines some, or all, of the solutions above. Security training for users helps as well, but can fail as phishing continues to get more sophisticated. True phishing prevention goes further by stopping all unauthorized access.
Here’s how Vigilant Sec helps businesses shift from avoiding risky emails to protecting their entire identity perimeter.
Start with Hardening and MFA
Vigilant Sec recommends hardening, not just alerting, as the best way to defend your business against phishing. Our guided automations help teams strengthen defenses step by step, on a schedule that fits their workflow.
The result? Most attacks are stopped outright, and alerts stay focused on what matters.
Best Practices for Hardening Users Against Phishing

| Vigilant Sec Recommends | Vigilant Sec Provides |
|---|---|
| For Microsoft environments, use Entra Conditional Access to: | Automations to deploy secure policy templates and a guided rollout process, helping teams understand and confidently enable new settings |
| Transition users from less secure MFA methods to stronger ones: | Visibility into MFA usage, user adoption, and readiness for stricter MFA enforcement |
| Implement security recommendations from benchmarks such as CISA’s Secure Cloud Business Applications (SCuBA) | Continuous monitoring of key configurations, recommendations for improvement, and progress tracking over time. Requires greater technical skill to manage |
| Review admin, guest, and stale accounts regularly; remove unnecessary access | |
Remain Vigilant About Risky Logins
It’s important to understand how long user sessions remain active in Google Workspace and Microsoft 365. By default, Google sessions last about 14 days before users are required to re-authenticate, while Microsoft 365 sessions can persist for up to 90 days, depending on app and tenant settings. That’s a long window for an attacker to maintain access if a session is compromised.
In both platforms, admins can review and manage risky users through their respective security consoles. If there’s any indication a user account may be compromised, it’s always worth revoking active sessions to cut off potential unauthorized access. Even if an attacker still has the user’s password, they’d need to phish the user again to capture a new session and complete MFA, making session revocation a quick and effective containment step.
Best Practices for Responding to Risky Logins

| Vigilant Sec Recommends | Vigilant Sec Provides |
|---|---|
| Create notifications for risky login alerts | 24/7 monitoring and investigation of all alerts and risky activity |
| Combine native detections (Microsoft, Google) with custom ones | A rich library of vendor, community, and Vigilant Sec-developed detections |
| Monitor password-reset requests and new device registrations | Detection coverage from authentication through post-login behavior |
| Establish a workflow to triage and understand risky login alerts | Custom tools to visualize, summarize, and communicate unusual activity clearly to customers |
| Learn Microsoft and Google processes for revoking sessions and resetting passwords | Automations for instant response to high-fidelity detections |
| Be ready to make judgment calls in real time | Experience and confidence to stop bad actors without disrupting business |
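The two practices above that are easiest to show in code are correlating a risky sign-in with the password reset or device registration that follows it, and turning that finding into the session revocation the previous section recommends. The script below is an added example written for this page, not Vigilant Sec tooling. Its sign-in record fields are modeled after the Microsoft Graph `signIn` resource (`userPrincipalName`, `ipAddress`, `location.countryOrRegion`, `riskLevelDuringSignIn`, `deviceDetail.deviceId`, `status.errorCode`), the audit records are a simplified stand-in for password-reset and device-registration entries, the log lines themselves are constructed, and the `revokeSignInSessions` request it produces is built but not sent (a real run would need a Graph token with the `User.RevokeSessions.All` permission). Google Workspace has an equivalent "sign out" action in its admin tooling, which the example does not cover.

```python
"""Triage constructed sign-in and audit events and decide which users need their sessions revoked.

Added example, not Vigilant Sec code. Field names follow the Microsoft Graph signIn
resource; the audit event shape and all sample data are constructed for this demo.
"""
import json
from datetime import datetime, timedelta

GRAPH = "https://graph.microsoft.com/v1.0"
FOLLOW_UP_WINDOW = timedelta(hours=1)  # post-login actions this soon after a suspicious sign-in count against the user

# Constructed sample sign-in log (newline-delimited JSON): a quiet user and one whose account looks compromised.
SIGN_IN_LOG = "\n".join(json.dumps(e) for e in [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2024-05-01T08:02:00Z",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "US"},
     "riskLevelDuringSignIn": "none", "deviceDetail": {"deviceId": "dev-alice-1"}, "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-05-01T08:10:00Z",
     "ipAddress": "203.0.113.20", "location": {"countryOrRegion": "US"},
     "riskLevelDuringSignIn": "none", "deviceDetail": {"deviceId": "dev-bob-1"}, "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-05-01T09:30:00Z",
     "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "NG"},
     "riskLevelDuringSignIn": "medium", "deviceDetail": {"deviceId": ""}, "status": {"errorCode": 0}},
])

# Constructed sample audit log: the attacker registers a device and resets the password right after signing in.
AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-05-01T09:41:00Z", "activity": "Register device"},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-05-01T09:45:00Z", "activity": "Reset password (self-service)"},
])


def parse_events(text):
    """Parse newline-delimited JSON events, convert timestamps, and return them in chronological order."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["time"] = datetime.strptime(ev["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def suspicious_sign_ins(sign_ins):
    """Return {user: [(time, reasons)]} for successful sign-ins that are risky, from a first-seen country, or from no registered device."""
    seen = {}      # user -> countries already seen in that user's earlier successful sign-ins
    flagged = {}
    for ev in sign_ins:
        if ev["status"]["errorCode"] != 0:
            continue  # a failed sign-in never established a session
        user, country = ev["userPrincipalName"], ev["location"]["countryOrRegion"]
        reasons = []
        if ev["riskLevelDuringSignIn"] not in ("none", "hidden"):  # "hidden" means the tenant reports no risk level
            reasons.append(f"{ev['riskLevelDuringSignIn']} risk sign-in from {ev['ipAddress']}")
        known = seen.setdefault(user, set())
        if country not in known:
            if known:  # the first country a user is ever seen from is the baseline, not an anomaly
                reasons.append(f"first sign-in from {country}")
            known.add(country)
        if not ev["deviceDetail"]["deviceId"]:
            reasons.append("unregistered device")
        if reasons:
            flagged.setdefault(user, []).append((ev["time"], reasons))
    return flagged


def correlate_follow_ups(flagged, audits, window=FOLLOW_UP_WINDOW):
    """Attach password resets and device registrations that occur within `window` after a flagged sign-in."""
    findings = {u: [r for _, reasons in entries for r in reasons] for u, entries in flagged.items()}
    for ev in audits:
        user = ev["userPrincipalName"]
        for when, _ in flagged.get(user, []):
            delta = ev["time"] - when
            if timedelta(0) <= delta <= window:
                findings[user].append(f"'{ev['activity']}' {int(delta.total_seconds() // 60)} min after suspicious sign-in")
                break
    return findings


def containment_plan(findings, threshold=2):
    """Users with at least `threshold` findings get a session revocation request (built, not sent).
    Revoking sessions forces an attacker holding only the password to phish the user again and pass MFA."""
    return [{"user": user, "method": "POST",
             "url": f"{GRAPH}/users/{user}/revokeSignInSessions", "why": items}
            for user, items in findings.items() if len(items) >= threshold]


def triage(sign_in_text, audit_text):
    """End-to-end: parse both logs, flag sign-ins, correlate follow-up actions, and return the containment plan."""
    flagged = suspicious_sign_ins(parse_events(sign_in_text))
    return containment_plan(correlate_follow_ups(flagged, parse_events(audit_text)))


if __name__ == "__main__":
    for action in triage(SIGN_IN_LOG, AUDIT_LOG):
        print(action["method"], action["url"])
        for why in action["why"]:
            print("  -", why)
```

The first-seen-country check deliberately treats a user's earliest country as the baseline, so a user who has only ever signed in from one place is not flagged for that place; the threshold of two findings keeps a single medium-risk sign-in from triggering revocation on its own, while a risky sign-in followed by a device registration or password reset does.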
Let Vigilant Sec Handle the Hard Part
Best practices are easier said than done, which is why we take pride in mastering them for our customers. Vigilant Sec handles the security side so you can stay focused on what matters most: your business.
Have questions? We’re happy to walk you through any of these recommendations and show how they can strengthen your environment.
