2. Take Control of Third-Party App Permissions and Approvals
Unfortunately, even when MFA and identity management tools are in place, some users can still be tricked by convincing phishers into accidentally granting access to malicious cloud apps.
The only way to completely shut down consent phishing attacks is to prevent users from granting access to third-party apps altogether. To maintain employee productivity, IT admins should instead be the ones who approve all new app requests from end users, and they should preapprove widely used apps from trusted publishers.
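One way to check whether existing grants already follow this approval model is to audit an export of app consents. The script below is an added example, not code from the original article; the record fields, app ids, preapproved list and the set of "high-impact" scopes are all constructed assumptions to adapt to your identity platform.

```python
# Added example: audit exported app-consent grants against an admin-approval policy.
# All app ids, field names and scope names below are constructed for illustration.

# Assumption: apps that IT has preapproved (widely used, trusted publishers).
PREAPPROVED_APPS = {"app-calendar-01", "app-storage-02"}
# Assumption: scopes treated as high impact when triaging; adapt to your platform.
HIGH_IMPACT_SCOPES = {"mail.read", "mail.send", "files.readwrite.all", "offline_access"}

SAMPLE_GRANTS = [  # constructed sample data
    {"app_id": "app-calendar-01", "publisher_verified": True,
     "consented_by": "user", "user": "alice", "scopes": "calendar.read"},
    {"app_id": "app-notes-77", "publisher_verified": True,
     "consented_by": "admin", "user": None, "scopes": "files.read"},
    {"app_id": "app-docviewer-99", "publisher_verified": False,
     "consented_by": "user", "user": "bob", "scopes": "Mail.Read offline_access"},
    {"app_id": "app-survey-12", "publisher_verified": True,
     "consented_by": "user", "user": "carol", "scopes": "profile"},
]

def audit_grant(grant):
    """Return (verdict, reasons); verdict is 'ok', 'review' or 'escalate'."""
    if grant["app_id"] in PREAPPROVED_APPS:
        return "ok", ["app is preapproved"]
    if grant.get("consented_by") == "admin":
        return "ok", ["approved by an admin"]
    # Anything left was granted by an end user outside the approval process.
    reasons = ["user consented to an app that is not preapproved"]
    if not grant.get("publisher_verified", False):
        reasons.append("publisher is not verified")
    scopes = {s.lower() for s in (grant.get("scopes") or "").split()}
    risky = sorted(scopes & HIGH_IMPACT_SCOPES)
    if risky:
        reasons.append("high-impact scopes: " + ", ".join(risky))
    return ("escalate" if len(reasons) > 1 else "review"), reasons

def audit(grants):
    """Return findings for every grant that bypassed approval, most urgent first."""
    findings = []
    for grant in grants:
        verdict, reasons = audit_grant(grant)
        if verdict != "ok":
            findings.append({"app_id": grant["app_id"], "user": grant.get("user"),
                             "verdict": verdict, "reasons": reasons})
    findings.sort(key=lambda f: (f["verdict"] != "escalate", f["app_id"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS):
        print(finding["verdict"], finding["app_id"], finding["user"],
              "; ".join(finding["reasons"]))
```

Grants marked "escalate" combine user consent with an unverified publisher or high-impact scopes and are the ones to look at first; "review" entries are candidates for either preapproval or removal.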
3. Shore Up Cybersecurity with Annual External Audits
All businesses should hire outside cyber experts to perform annual audits. The auditors review security policies, best practices, documentation and compliance across central and remote IT systems and devices. They assess the security of your software, firewalls, third-party vendors, apps and the IT app approval process.
4. Reduce Consent Phishing by Notifying Legitimate Parties
Finally, whenever a user reports a suspicious email that looks like it is coming from a legitimate party, IT teams should notify that party. IT can also consider hardening security around email systems with software that checks for spam and blocks access to known malicious websites and apps.