The world of cybersecurity tends to have two different approaches to phishing. The first view believes that through proper security training and internal controls, phishing can by and large be prevented. The second states that employees do not know any better to fall victim to phishing scams, and so it should be up to the IT department to prevent the attacks. Best practices say that in order to best prevent phishing attacks, you need to understand your attackers, understand their targets, and limit the access that “whales” (or privileged users) have, among others. Read more tips to prevent phishing here at DarkReading.