When I used to do more computer security-related work, my go-to resource was the SANS Institute. It’s discouraging but educational that even top pros like them can fall for a phishing attack.
Phishing attacks are probably the most serious computer security threat out there now.
Dennis and Tom in a recent Kennedy-Mighell podcast noted a recent example that tended to show training employees had only limited benefits. Testers sent simulated phishing emails to a firm’s employees after they had been warned that such a test might be performed. Nevertheless, nearly all the employees fell for the phony emails.
Nevertheless, it’s foolish not to at least attempt to attempt to educate your employees. If it prevents even one incident that otherwise might result in ransomware or worse, it would be worth it.
Threatpost has some other suggested defensive tips.