1. Technical controls
- MFA (phishing-resistant where possible).
- Email authentication (SPF, DKIM, DMARC).
- Web/email filtering and attachment sandboxing.
2. People controls
Frequent, realistic simulated phishing plus short training builds a reporting culture that catches what filters miss.
How CyberSigma helps
We run phishing simulations and awareness training, and test your BEC defences through social-engineering assessments.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
