An email can come at any point of the day or night and from any sender with a wide range of malicious payloads or URLs. Users must never let their guard down and should be very conscientious every email they receive. Organizations are only as strong as their weakest link and in many cases, their weakest user.
Constantly broadcast to all users, tips for spear phishing hygiene. Ensure spam filters are up to date. Be extra sensitive of emails from Finance, Banking, HR and Utility emails. Double-check e-mail address to ensure domain matches sending organization. Hover over links to ensure domain for links matches sending organization. If questioning the safety of a link, research the link online and directly browse to the topic mentioned in the email instead of clicking link.