New phishing patterns: Emails are crafted to look like they come from executives or IT, often using urgent security-related subject lines (e.g., account security / password reset themes).

Warning signs:

• Urgent or pressuring language
• Suspicious attachments (e.g., .html, .pdf)
• Links that do not match the company domain

What to do if unsure:

• Don’t click suspicious links
• Forward/report to IT for verification

• Email open rate: 68%

• Malicious link click rate: 22%

• Suspicious email reporting: improved by +40%

• Enable MFA (Multi-Factor Authentication)

• Use strong passwords: include letters + numbers + symbols and at least 12 characters

• Do not reuse passwords across personal vs. work accounts

• Lock your screen—especially in operational areas

• Perform the quarterly password change

• Ensure VPN usage is on the latest approved version

• Remove access for unused accounts

• Review cloud file-sharing to align with TAS ISMS policy

Email Security Gateway (ESG): Filters spam/phishing before messages reach users, blocks malicious links automatically, analyzes attachments via sandboxing, and provides weekly threat reporting.