Security awareness training is the most effective option listed for preventing phishing attacks from impacting business systems because phishing relies heavily on deceiving users. Employees must be able to recognize suspicious links, spoofed domains, unusual payment requests, fake login pages, malicious attachments, and social engineering indicators. Monitoring system usage may detect suspicious activity after exposure. Malware detection is useful but may not prevent credential theft or fraudulent instructions if the user is deceived. Blocking user accounts is a response action, not a broad preventive control. Internal audit should evaluate whether phishing training is recurring, practical, tested through simulations, and supported by reporting channels. Since user behavior is central to phishing defense, Option A is correct.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit