Use strong, unique passwords for every account
Enable multi-factor authentication on all important accounts
Verify sender email addresses before clicking links or opening attachments
Avoid clicking suspicious links in emails, texts, or messages
Type website addresses directly into the browser
Check for HTTPS and valid domain names before entering credentials
Keep operating systems, browsers, and apps updated
Use reputable antivirus and anti-malware software
Train employees and users to recognize phishing attempts
Report suspicious emails and messages immediately
Limit the sharing of personal and company information online
Use email filtering and anti-phishing security tools
Back up important data regularly
Restrict user permissions to the minimum necessary
Monitor accounts for unusual activity
Confirm payment or account-change requests through a separate trusted channel
Disable macros in documents from unknown sources
Use secure password managers to reduce credential reuse
