Gregory's ServerTrue story: I just set a rule in Outlook that moves any incoming email that's (a) not from someone in my address book/ "Trusted Senders", and (b) from outside my organization into Junk.
Doing that pretty much makes you unsusceptible for phishing/ spear-phishing. Unless your organization gets breached. In which case you've got bigger issues.
Doing that pretty much makes you unsusceptible for phishing/ spear-phishing. Unless your organization gets breached. In which case you've got bigger issues.